Merge "dontaudit denial on the odex file of location provider." am: c1e11bbea5 am: 6ee88d68eb

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1988446

Change-Id: Ida61de471532e0ef22de4dbcf295b626809c1dd6
This commit is contained in:
Treehugger Robot 2022-02-18 09:45:43 +00:00 committed by Automerger Merge Worker
commit 8b415cd51f
2 changed files with 6 additions and 1 deletions

View file

@ -25,7 +25,6 @@ netd untrusted_app_25 unix_stream_socket b/77870037
netd untrusted_app_27 unix_stream_socket b/77870037 netd untrusted_app_27 unix_stream_socket b/77870037
netd untrusted_app_29 unix_stream_socket b/77870037 netd untrusted_app_29 unix_stream_socket b/77870037
platform_app nfc_data_file dir b/74331887 platform_app nfc_data_file dir b/74331887
system_server apex_art_data_file file b/194054685
system_server crash_dump process b/73128755 system_server crash_dump process b/73128755
system_server overlayfs_file file b/142390309 system_server overlayfs_file file b/142390309
system_server sdcardfs file b/77856826 system_server sdcardfs file b/77856826

View file

@ -76,6 +76,12 @@ allow system_server sysfs_fs_f2fs:file r_file_perms;
allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms; allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;
allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms; allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms;
# Ignore the denial on `system@framework@com.android.location.provider.jar@classes.odex`.
# `com.android.location.provider.jar` happens to be both a jar on system server classpath and a
# shared library used by a system server app. The odex file is loaded fine by Zygote when it forks
# system_server. It fails to be loaded when the jar is used as a shared library, which is expected.
dontaudit system_server apex_art_data_file:file execute;
# For release odex/vdex compress blocks # For release odex/vdex compress blocks
allowxperm system_server dalvikcache_data_file:file ioctl { allowxperm system_server dalvikcache_data_file:file ioctl {
F2FS_IOC_RELEASE_COMPRESS_BLOCKS F2FS_IOC_RELEASE_COMPRESS_BLOCKS