From b87a4b16d2d9b110047e24edeeb2528bcffd0574 Mon Sep 17 00:00:00 2001 From: Fyodor Kupolov Date: Tue, 3 Mar 2015 18:19:12 -0800 Subject: [PATCH] Support for storing OAT files in app directory oat dir inside apk_tmp_file should be labeled as dalvikcache_data_file. Bug: 19550105 Change-Id: Ie928b5f47bfc42167bf86fdf10d6913ef25d145d
---
dex2oat.te | 1 + file_contexts | 4 +++- installd.te | 8 +++++--- 3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/dex2oat.te b/dex2oat.te
index f7de25d65..0eb3881e9 100644
--- a/dex2oat.te
+++ b/dex2oat.te
@@ -13,3 +13,4 @@ allow dex2oat installd:fd use;
 allow dex2oat asec_apk_file:file read;
 allow dex2oat unlabeled:file read;
 allow dex2oat oemfs:file read;
+allow dex2oat apk_tmp_file:file read;
diff --git a/file_contexts b/file_contexts
index e20638e38..45a3549c0 100644
--- a/file_contexts
+++ b/file_contexts
@@ -204,7 +204,9 @@
 /data/adb(/.*)? u:object_r:adb_data_file:s0
 /data/anr(/.*)? u:object_r:anr_data_file:s0
 /data/app(/.*)? u:object_r:apk_data_file:s0
-/data/app/vmdl.*\.tmp(/.*)? u:object_r:apk_tmp_file:s0
+/data/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+/data/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0
+/data/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0
 /data/app-private(/.*)? u:object_r:apk_private_data_file:s0
 /data/app-private/vmdl.*\.tmp(/.*)? u:object_r:apk_private_tmp_file:s0
 /data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
diff --git a/installd.te b/installd.te
index 46e6b8112..2187a1568 100644
--- a/installd.te
+++ b/installd.te
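Review bot: In dex2oat.te the added `allow dex2oat apk_tmp_file:file read;` carries no comment saying why dex2oat needs staged APKs, and the commit message only covers the oat directory label. Like the neighbouring rules it grants `read` without `open`, which presumably means the file arrives through an fd passed by installd (`allow dex2oat installd:fd use;` is visible in the hunk header). I would record that intent above the rule, e.g. `# Read staged APKs (apk_tmp_file) via an fd handed over by installd; no open by path.`, so a later edit does not widen it to `r_file_perms` unnoticed.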
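Review bot: In file_contexts the added entries overlap: a path such as `/data/app/vmdl1.tmp/oat` (constructed example) matches `/data/app(/.*)?`, `/data/app/[^/]+/oat(/.*)?`, `/data/app/vmdl[^/]+\.tmp(/.*)?` and the new `\.tmp/oat` entry, so the label it receives depends on how the matcher ranks overlapping regexes. The current order puts the most specific entry last, which looks intentional, but nothing in the file says so; a comment above the group such as `# Order-sensitive: keep the oat entries after the broader apk_data_file/apk_tmp_file entries.` would guard against reordering, and the tie-breaking behaviour should be confirmed for the libselinux and build tooling in use. The `/data/app-private/vmdl.*\.tmp(/.*)?` context line still uses `.*`, which can span `/`; tightening it to `[^/]+` as done for `/data/app` would keep the two trees consistent.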
@@ -5,11 +5,13 @@ type installd_exec, exec_type, file_type;
 init_daemon_domain(installd)
 typeattribute installd mlstrustedsubject;
 allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
-allow installd apk_data_file:file rename;
-allow installd apk_data_file:dir create_dir_perms;
+allow installd apk_data_file:file { rename unlink };
+allow installd dalvikcache_data_file:dir relabelto;
+allow installd apk_data_file:dir { create_dir_perms relabelfrom };
 allow installd apk_data_file:lnk_file { create read unlink };
 allow installd asec_apk_file:file r_file_perms;
-allow installd apk_tmp_file:file r_file_perms;
+allow installd apk_tmp_file:file { r_file_perms unlink };
+allow installd apk_tmp_file:dir { relabelfrom create_dir_perms };
 allow installd oemfs:dir r_dir_perms;
 allow installd oemfs:file r_file_perms;
 allow installd system_file:file x_file_perms;
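Review bot: In installd.te the relabel grants cover `dir` only (`dalvikcache_data_file:dir relabelto`, plus `relabelfrom` on `apk_data_file:dir` and `apk_tmp_file:dir`), so installd can relabel the oat directory itself but not files already inside it; if the directory can ever be relabelled while non-empty, those files would presumably keep the label they were created with. Whether that can happen is not visible in this patch; if the directory is always relabelled empty, a comment such as `# oat dir is relabelled to dalvikcache_data_file right after creation, before any OAT file is written.` would make the assumption explicit. The new `unlink` on `apk_data_file:file` and `apk_tmp_file:file` is not explained by the commit message either and deserves a one-line rationale next to each rule. As a style point, the two dir rules list the same permissions in different order (`{ create_dir_perms relabelfrom }` vs `{ relabelfrom create_dir_perms }`). The policy file continues outside the hunk.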