817c49f74c
Bug: 311377497 Test: manual - Call getDexoptChrootSetupServiceRegisterer().waitForService() Test: manual - Set up a chroot environment and call getArtdPreRebootServiceRegisterer().waitForService() Change-Id: I50b5f7f858dab37f05174cb9787f64303d50d083
23 lines
1 KiB
Text
23 lines
1 KiB
Text
type dexopt_chroot_setup, domain, coredomain;
|
|
type dexopt_chroot_setup_exec, system_file_type, exec_type, file_type;
|
|
type dexopt_chroot_setup_tmpfs, file_type;
|
|
|
|
# Allow dexopt_chroot_setup to publish a binder service and make binder calls.
|
|
binder_use(dexopt_chroot_setup)
|
|
add_service(dexopt_chroot_setup, dexopt_chroot_setup_service)
|
|
allow dexopt_chroot_setup dumpstate:fifo_file { getattr write };
|
|
allow dexopt_chroot_setup dumpstate:fd use;
|
|
|
|
init_daemon_domain(dexopt_chroot_setup)
|
|
|
|
# Use tmpfs_domain() which will give tmpfs files created by dexopt_chroot_setup their
|
|
# own label, which differs from other labels created by other processes.
|
|
# This allows to distinguish in policy files created by dexopt_chroot_setup vs other
|
|
# processes.
|
|
tmpfs_domain(dexopt_chroot_setup)
|
|
|
|
# libart (mark_compact.cc) has some intialization code that touches the cache
|
|
# info file and userfaultfd.
|
|
allow dexopt_chroot_setup apex_module_data_file:dir { getattr search };
|
|
r_dir_file(dexopt_chroot_setup, apex_art_data_file)
|
|
userfaultfd_use(dexopt_chroot_setup)
|