270be6e86a
dex2oat fails when upgrading unlabeled asec containers.
Steps to reproduce:
1) Install a forward locked app on Android 4.1
adb install -l foo.apk
2) Upgrade to tip-of-tree
Addresses the following denial:
<4>[ 379.886665] type=1400 audit(1405549869.210:4): avc: denied { read } for pid=2389 comm="dex2oat" path="/mnt/asec/jackpal.androidterm-1/pkg.apk" dev=dm-0 ino=12 scontext=u:r:dex2oat:s0 tcontext=u:object_r:unlabeled:s0 tclass=file
Change-Id: I58dc6ebe61a5b5840434077a55f1afbeed602137
12 lines
383 B
Text
12 lines
383 B
Text
# dex2oat
|
|
type dex2oat, domain;
|
|
type dex2oat_exec, exec_type, file_type;
|
|
|
|
allow dex2oat dalvikcache_data_file:file write;
|
|
allow dex2oat installd:fd use;
|
|
|
|
# Read already open asec_apk_file file descriptors passed by installd.
|
|
# Also allow reading unlabeled files, to allow for upgrading forward
|
|
# locked APKs.
|
|
allow dex2oat asec_apk_file:file read;
|
|
allow dex2oat unlabeled:file read;
|