Allow artd to create dirs and files for artifacts before restorecon.
Bug: 262230400 Test: - 1. Remove the "oat" directory of an app. 2. Dexopt the app using ART Service. 3. See no SELinux denials. Change-Id: I717073b0172083d73a1b84e5c2bea59076663b2f
parent
cc39bf74f1
commit
7789460457
1 changed files with 5 additions and 3 deletions
|
@ -31,8 +31,10 @@ userfaultfd_use(artd)
|
|||
|
||||
# Read access to primary dex'es on writable partitions
|
||||
# ({/data,/mnt/expand/<volume-uuid>}/app/...).
|
||||
# Also allow creating the "oat" directory before restorecon.
|
||||
allow artd mnt_expand_file:dir { getattr search };
|
||||
r_dir_file(artd, apk_data_file)
|
||||
allow artd apk_data_file:dir { rw_dir_perms create setattr relabelfrom };
|
||||
allow artd apk_data_file:file r_file_perms;
|
||||
|
||||
# Read access to vendor APKs ({/vendor,/odm}/{app,priv-app}/...).
|
||||
r_dir_file(artd, vendor_app_file)
|
||||
|
@ -46,8 +48,8 @@ r_dir_file(artd, vendor_framework_file)
|
|||
|
||||
# Read/write access to all compilation artifacts generated on device for apps'
|
||||
# primary dex'es. (/data/dalvik-cache/..., /data/app/.../oat/..., etc.)
|
||||
allow artd dalvikcache_data_file:dir create_dir_perms;
|
||||
allow artd dalvikcache_data_file:file create_file_perms;
|
||||
allow artd dalvikcache_data_file:dir { create_dir_perms relabelto };
|
||||
allow artd dalvikcache_data_file:file { create_file_perms relabelto };
|
||||
|
||||
# Read access to the ART APEX data directory.
|
||||
# Needed for reading the boot image generated on device.
|
||||
|
|
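Review bot: The rule `allow artd apk_data_file:dir { rw_dir_perms create setattr relabelfrom };` in the first hunk applies to the whole type, so artd gains write, add_name and remove_name on every directory labelled apk_data_file. Together with the `relabelto` on dalvikcache_data_file in the second hunk, it can also relabel any such directory, not only a freshly created "oat" directory. The comment `# Also allow creating the "oat" directory before restorecon.` under-describes this; it should say why each of `create`, `setattr` and `relabelfrom` is needed and that the grant cannot be scoped to a single directory name. If the directory is always named "oat", a named transition such as `type_transition artd apk_data_file:dir dalvikcache_data_file "oat";` might let it be created with its final label and make those three permissions unnecessary. If artd never has to remove entries from the app directory, `ra_dir_perms` may be enough in place of `rw_dir_perms`. The second hunk also adds file `relabelto` with no file `relabelfrom` visible on any type, so it is worth confirming that this permission is actually exercised.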