dontaudit denial on the odex file of location provider.

Bug: 194054685 Test: Presubmits Change-Id: Ia636f7b32251c3b8cb018fee9216e5968d4e95ff
2022-02-16 14:11:14 +00:00 · 2022-02-16 14:11:14 +00:00 · bf58100685
commit bf58100685
parent cb1e4682c8
2 changed files with 6 additions and 1 deletions
--- a/private/bug_map
+++ b/private/bug_map
@ -25,7 +25,6 @@ netd untrusted_app_25 unix_stream_socket b/77870037
 netd untrusted_app_27 unix_stream_socket b/77870037
 netd untrusted_app_29 unix_stream_socket b/77870037
 platform_app nfc_data_file dir b/74331887
-system_server apex_art_data_file file b/194054685
 system_server crash_dump process b/73128755
 system_server overlayfs_file file b/142390309
 system_server sdcardfs file b/77856826
--- a/private/system_server.te
+++ b/private/system_server.te
@ -76,6 +76,12 @@ allow system_server sysfs_fs_f2fs:file r_file_perms;
 allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;
 allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms;

+# Ignore the denial on `system@framework@com.android.location.provider.jar@classes.odex`.
+# `com.android.location.provider.jar` happens to be both a jar on system server classpath and a
+# shared library used by a system server app. The odex file is loaded fine by Zygote when it forks
+# system_server. It fails to be loaded when the jar is used as a shared library, which is expected.
+dontaudit system_server apex_art_data_file:file execute;
+
 # For release odex/vdex compress blocks
 allowxperm system_server dalvikcache_data_file:file ioctl {
  F2FS_IOC_RELEASE_COMPRESS_BLOCKS