Additional sepolicy rules for dex2oat

Enable reading vendor overlay files and /proc.

Fix: 187016929
Test: m
Change-Id: I7df17b4fcc8a449abe2af4bc8394d0224243799c
Orion Hodson 2023-01-17 14:59:34 +00:00
parent 28e9b97993
commit c09e7e4674
2 changed files with 9 additions and 0 deletions


@ -93,6 +93,8 @@ full_treble_only(`
coredomain
-appdomain
-artd
-dex2oat
-dexoptanalyzer
-idmap
-init
-installd
@ -112,6 +114,8 @@ full_treble_only(`
coredomain
-appdomain
-artd
-dex2oat
-dexoptanalyzer
-idmap
-init
-installd
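Review bot: Both exemption lists gain entries with no comment saying why these domains are carved out, and the statement the lists belong to starts and ends outside the hunks, so the protected type and permissions cannot be checked from here. The +/- column is lost in this rendering; from the `+93,8` and `+114,8` counts and the commit title, the new entries are presumably `-dex2oat` and `-dexoptanalyzer`. If `-dexoptanalyzer` is one of them, no allow rule for it appears in the other file of this commit, so that exemption would loosen the restriction without anything using it; either drop it or add the rule that needs it. A comment above the new entries, such as `# dex2oat needs to read vendor overlay files (b/187016929)`, would tell the next auditor what the exception is for.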


@ -10,6 +10,8 @@ r_dir_file(dex2oat, vendor_app_file)
# Access /vendor/framework
allow dex2oat vendor_framework_file:dir { getattr search };
allow dex2oat vendor_framework_file:file { getattr open read map };
# Access /vendor/overlay
r_dir_file(dex2oat, vendor_overlay_file);
allow dex2oat tmpfs:file { read getattr map };
@ -59,6 +61,9 @@ allow dex2oat apex_info_file:file r_file_perms;
# Allow dex2oat to use file descriptors passed from privileged programs.
allow dex2oat { artd installd odrefresh odsign }:fd use;
# Allow dex2oat to read the /proc filesystem for CPU features, etc.
allow dex2oat proc_filesystems:file r_file_perms;
##################
# A/B OTA Dexopt #
##################
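Review bot: The comment added above `allow dex2oat proc_filesystems:file r_file_perms;` says the rule is for reading /proc for CPU features, but in the stock genfs_contexts `proc_filesystems` labels only `/proc/filesystems`, so the rule grants that one file and nothing CPU-related. A reader auditing dex2oat's access would take the comment at face value and assume broader /proc reads are intended; reword it to name the file, for example `# Allow dex2oat to read /proc/filesystems.`, with the actual reason if known. If CPU feature detection does need a /proc entry, that would need its own rule on that entry's label. As a smaller style point, the new `r_dir_file(dex2oat, vendor_overlay_file);` carries a trailing semicolon that the `r_dir_file(dex2oat, vendor_app_file)` call shown in the hunk header does not.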