Allow dex2oat access to symlinks in APEXes to find DCLA libs.

With the introduction of DCLA (/apex/sharedlibs APEX), .so files can be
symlinked into that APEX, so we need to allow reading symlinks to be
able to link the dex2oat binary successfully.

This fixes "CANNOT LINK EXECUTABLE" errors for dex2oat during OTA
preopting.

(cherry picked from https://android-review.googlesource.com/q/commit:502a036436af58edccb209868dcd79b1a10408e4)

Test: Apply an OTA manually and check logs for errors
Bug: 291974157
Ignore-AOSP-First: Cherry picked from AOSP but changed to patch API 34
Change-Id: Iaadc41eca0bfab4c0cc0fa2471f26685e54ef0e1
This commit is contained in:
Martin Stjernholm 2023-07-24 23:57:03 +01:00
parent f162649111
commit 76b87a1874
2 changed files with 2 additions and 2 deletions

View file

@ -82,7 +82,7 @@ allow dex2oat postinstall_file:file { execute getattr open };
# Allow dex2oat access to /postinstall/apex. # Allow dex2oat access to /postinstall/apex.
allow dex2oat postinstall_apex_mnt_dir:dir { getattr search }; allow dex2oat postinstall_apex_mnt_dir:dir { getattr search };
allow dex2oat postinstall_apex_mnt_dir:file r_file_perms; allow dex2oat postinstall_apex_mnt_dir:{ file lnk_file } r_file_perms;
# Allow dex2oat access to files in /data/ota. # Allow dex2oat access to files in /data/ota.
allow dex2oat ota_data_file:dir ra_dir_perms; allow dex2oat ota_data_file:dir ra_dir_perms;

View file

@ -82,7 +82,7 @@ allow dex2oat postinstall_file:file { execute getattr open };
# Allow dex2oat access to /postinstall/apex. # Allow dex2oat access to /postinstall/apex.
allow dex2oat postinstall_apex_mnt_dir:dir { getattr search }; allow dex2oat postinstall_apex_mnt_dir:dir { getattr search };
allow dex2oat postinstall_apex_mnt_dir:file r_file_perms; allow dex2oat postinstall_apex_mnt_dir:{ file lnk_file } r_file_perms;
# Allow dex2oat access to files in /data/ota. # Allow dex2oat access to files in /data/ota.
allow dex2oat ota_data_file:dir ra_dir_perms; allow dex2oat ota_data_file:dir ra_dir_perms;