From 063de1e09956d70cd8c87d6e26ff913c81cede53 Mon Sep 17 00:00:00 2001 From: Vishwath Mohan Date: Wed, 29 Mar 2017 23:03:33 -0700 Subject: [PATCH] Refactor sanitized library on-disk layout - SELinux. This CL changes the policy for ASAN files on-disk to support the changes made by the following CLs - https://android-review.googlesource.com/#/c/359087/ https://android-review.googlesource.com/#/c/359389/ which refactor the on-disk layout of sanitized libraries in the following manner - /data/lib* --> /data/asan/system/lib* /data/vendor/* --> /data/asan/vendor/* There are a couple of advantages to this, including better isolation from other components, and more transparent linker renaming and SELinux policies. (cherry picked from commit 33ebdda80fe109dd07e671a6514880d5680a6c35) Bug: 36574794 Bug: 36674745 Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device boots. All sanitized libraries are correctly located in /data/asan/*, and have the right SELinux permissions. Change-Id: Ib08e360cecc8d77754a768a9af0f7db35d6921a9 --- private/file_contexts_asan | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/private/file_contexts_asan b/private/file_contexts_asan index 5813d3264..5e756fc79 100644 --- a/private/file_contexts_asan +++ b/private/file_contexts_asan @@ -1,4 +1,4 @@ -/data/lib(/.*)? u:object_r:system_file:s0 -/data/lib64(/.*)? u:object_r:system_file:s0 -/data/vendor/lib(/.*)? u:object_r:system_file:s0 -/data/vendor/lib64(/.*)? u:object_r:system_file:s0 +/data/asan/system/lib(/.*)? u:object_r:system_file:s0 +/data/asan/system/lib64(/.*)? u:object_r:system_file:s0 +/data/asan/vendor/lib(/.*)? u:object_r:system_file:s0 +/data/asan/vendor/lib64(/.*)? u:object_r:system_file:s0