Add SElinux policies to allow foreign dex usage tracking.

This is a special profile folder where apps will leave profile markers
for the dex files they load and don't own. System server will read the
markers and decide which apk should be fully compiled instead of
profile guide compiled.

Apps need only to be able to create (touch) files in this directory.
System server needs only to be able to check wheter or not a file with a
given name exists.

Bug: 27334750
Bug: 26080105

Change-Id: I2256e4aba1ec0e5117de6497123223b9a74f404e

app.te

@@ -116,6 +116,9 @@ allow appdomain shell_data_file:file { write getattr };
 # Write profiles /data/misc/profiles
 allow appdomain user_profile_data_file:dir { search write add_name };
 allow appdomain user_profile_data_file:file create_file_perms;
+# Profiles for foreign dex files are just markers and only need create permissions.
+allow appdomain user_profile_foreign_dex_data_file:dir { search write add_name };
+allow appdomain user_profile_foreign_dex_data_file:file create;
 
 # Send heap dumps to system_server via an already open file descriptor
 # % adb shell am set-watch-heap com.android.systemui 1048576
@@ -419,3 +422,7 @@ neverallow appdomain {
   security_file
   tmpfs
 }:lnk_file no_w_file_perms;
+
+# Foreign dex profiles are just markers. Prevent apps to do anything but touch them.
+neverallow appdomain user_profile_foreign_dex_data_file:file rw_file_perms;
+neverallow appdomain user_profile_foreign_dex_data_file:dir { open getattr read ioctl remove_name };

file.te

@@ -88,6 +88,7 @@ type dalvikcache_data_file, file_type, data_file_type;
 type ota_data_file, file_type, data_file_type;
 # /data/misc/profiles
 type user_profile_data_file, file_type, data_file_type, mlstrustedobject;
+type user_profile_foreign_dex_data_file, file_type, data_file_type, mlstrustedobject;
 # /data/resource-cache
 type resourcecache_data_file, file_type, data_file_type;
 # /data/local - writable by shell

file_contexts

@@ -294,6 +294,7 @@
 # TODO(calin) label profile reference differently so that only
 # profman run as a special user can write to them
 /data/misc/profiles/cur(/.*)?       u:object_r:user_profile_data_file:s0
+/data/misc/profiles/cur/[0-9]+/foreign-dex(/.*)? u:object_r:user_profile_foreign_dex_data_file:s0
 /data/misc/profiles/ref(/.*)?       u:object_r:user_profile_data_file:s0
 
 # Fingerprint data

installd.te

@@ -115,6 +115,8 @@ allow installd {
 # Similar for the files under /data/misc/profiles/
 allow installd user_profile_data_file:dir create_dir_perms;
 allow installd user_profile_data_file:file create_file_perms;
+allow installd user_profile_data_file:dir rmdir;
+allow installd user_profile_data_file:file unlink;
 
 # Create and use pty created by android_fork_execvp().
 allow installd devpts:chr_file rw_file_perms;

system_server.te

@@ -11,6 +11,13 @@ tmpfs_domain(system_server)
 allow system_server dalvikcache_data_file:file execute;
 allow system_server dalvikcache_data_file:dir r_dir_perms;
 
+# Enable system server to check the foreign dex usage markers.
+# We need search on top level directories so that we can get to the files
+allow system_server user_profile_data_file:dir search;
+allow system_server user_profile_data_file:file getattr;
+allow system_server user_profile_foreign_dex_data_file:dir search;
+allow system_server user_profile_foreign_dex_data_file:file getattr;
+
 # /data/resource-cache
 allow system_server resourcecache_data_file:file r_file_perms;
 allow system_server resourcecache_data_file:dir r_dir_perms;

untrusted_app.te

@@ -173,6 +173,7 @@ neverallow untrusted_app {
   -media_rw_data_file       # Internal storage. Known that apps can
                             # leave artfacts here after uninstall.
   -user_profile_data_file   # Access to profile files
+  -user_profile_foreign_dex_data_file   # Access to profile files
   userdebug_or_eng(`
     -method_trace_data_file # only on ro.debuggable=1
     -coredump_file          # userdebug/eng only