# asan_extract # # This command set moves the artifact corresponding to the current slot # from /data/ota to /data/dalvik-cache. with_asan(` type asan_extract, domain, coredomain; type asan_extract_exec, exec_type, file_type; # Allow asan_extract to execute itself using #!/system/bin/sh allow asan_extract shell_exec:file rx_file_perms; # We execute log, rm, gzip and tar. allow asan_extract toolbox_exec:file rx_file_perms; allow asan_extract system_file:file execute_no_trans; # asan_extract deletes old /data/lib. allow asan_extract system_file:dir { open read remove_name rmdir write }; allow asan_extract system_file:file unlink; # asan_extract untars ASAN libraries into /data. allow asan_extract system_data_file:dir create_dir_perms ; allow asan_extract system_data_file:{ file lnk_file } create_file_perms ; # Relabel the libraries with restorecon. allow asan_extract file_contexts_file:file r_file_perms; allow asan_extract system_data_file:{ dir file } relabelfrom; allow asan_extract system_file:dir { relabelto setattr }; allow asan_extract system_file:file relabelto; # Restorecon will actually already try to run with sanitized libraries (libpackagelistparser). allow asan_extract system_data_file:file execute; # TODO - remove (b/38241921): # We use asan.restore_reboot to signal a reboot is required. set_prop(asan_extract, asan_reboot_prop) # We need to signal a reboot when done set_prop(asan_extract, powerctl_prop) ')