type composd, domain, coredomain; type composd_exec, system_file_type, exec_type, file_type; # Host dynamic AIDL services init_daemon_domain(composd) binder_use(composd) add_service(composd, compos_service) # Call back into system server binder_call(composd, system_server) # Start a VM virtualizationservice_use(composd) # Prepare staging directory for odrefresh allow composd apex_art_data_file:dir { create_dir_perms relabelfrom }; allow composd apex_art_staging_data_file:dir { create_dir_perms relabelto }; allow composd apex_art_staging_data_file:file { getattr unlink }; # Delete files in the odrefresh target directory allow composd apex_art_data_file:file unlink; # Access our APEX data files allow composd apex_module_data_file:dir search; allow composd apex_compos_data_file:dir create_dir_perms; allow composd apex_compos_data_file:file create_file_perms; # TODO(b/209008712): Remove these when we run odrefresh in the VM # Run odrefresh to refresh ART artifacts, and kill it if we need to domain_auto_trans(composd, odrefresh_exec, odrefresh) allow composd odrefresh:process sigkill; # Run fd_server in its own domain, and send SIGTERM when finished. domain_auto_trans(composd, fd_server_exec, compos_fd_server) allow composd compos_fd_server:process signal; # Read ART's properties get_prop(composd, dalvik_config_prop) # We never create any artifact files directly neverallow composd apex_art_data_file:file ~unlink;