Merge "dontaudit denial on the odex file of location provider." am: c1e11bbea5

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988446 Change-Id: I65f3a3cf6530bc50ac66c34b216b767b04f41bb6
2022-02-18 09:23:58 +00:00 · 2022-02-18 09:23:58 +00:00 · 6ee88d68eb
commit 6ee88d68eb
parent 71b8ad6234 c1e11bbea5
2 changed files with 6 additions and 1 deletions
--- a/private/bug_map
+++ b/private/bug_map
@ -25,7 +25,6 @@ netd untrusted_app_25 unix_stream_socket b/77870037
 netd untrusted_app_27 unix_stream_socket b/77870037
 netd untrusted_app_29 unix_stream_socket b/77870037
 platform_app nfc_data_file dir b/74331887
-system_server apex_art_data_file file b/194054685
 system_server crash_dump process b/73128755
 system_server overlayfs_file file b/142390309
 system_server sdcardfs file b/77856826
--- a/private/system_server.te
+++ b/private/system_server.te
@ -76,6 +76,12 @@ allow system_server sysfs_fs_f2fs:file r_file_perms;
 allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;
 allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms;

+# Ignore the denial on `system@framework@com.android.location.provider.jar@classes.odex`.
+# `com.android.location.provider.jar` happens to be both a jar on system server classpath and a
+# shared library used by a system server app. The odex file is loaded fine by Zygote when it forks
+# system_server. It fails to be loaded when the jar is used as a shared library, which is expected.
+dontaudit system_server apex_art_data_file:file execute;
+
 # For release odex/vdex compress blocks
 allowxperm system_server dalvikcache_data_file:file ioctl {
  F2FS_IOC_RELEASE_COMPRESS_BLOCKS