8f75f76fbd
odrefresh is the process responsible for checking and creating ART compilation artifacts that live in the ART APEX data directory (/data/misc/apexdata/com.android.art). There are two types of change here: 1) enabling odrefresh to run dex2oat and write updated boot class path and system server AOT artifacts into the ART APEX data directory. 2) enabling the zygote and assorted diagnostic tools to use the updated AOT artifacts. odrefresh uses two file contexts: apex_art_data_file and apex_art_staging_data_file. When odrefresh invokes dex2oat, the generated files have the apex_art_staging_data_file label (which allows writing). odrefresh then moves these files from the staging area to their installation area and gives them the apex_art_data_file label. Bug: 160683548 Test: adb root && adb shell /apex/com.android.art/bin/odrefresh Change-Id: I9fa290e0c9c1b7b82be4dacb9f2f8cb8c11e4895
# Type-enforcement rules for the vold_prepare_subdirs domain.
#
# The domain holds DAC-bypassing capabilities (see below), so the allow rules
# in this file, not Unix ownership or mode bits, are what bound the set of
# directories and files it can create, relabel or delete.

# Enter this domain automatically when vold executes a file labeled
# vold_prepare_subdirs_exec.
domain_auto_trans(vold, vold_prepare_subdirs_exec, vold_prepare_subdirs)

# NOTE(review): mlstrustedsubject exempts the domain from the MLS/MCS
# constraints; presumably required because it works on directories that
# belong to different users. Confirm it is still needed whenever the rules
# below are widened.
typeattribute vold_prepare_subdirs mlstrustedsubject;

# Run system binaries without leaving this domain (no transition), and
# read/execute the shell and toolbox.
allow vold_prepare_subdirs system_file:file execute_no_trans;
allow vold_prepare_subdirs { shell_exec toolbox_exec }:file rx_file_perms;

# Pseudo-terminal access, plus file descriptors and pipes inherited from vold.
allow vold_prepare_subdirs devpts:chr_file rw_file_perms;
allow vold_prepare_subdirs vold:fd use;
allow vold_prepare_subdirs vold:fifo_file { read write };

# Read-only access to file_contexts.
# presumably used to look up the label for each directory it prepares; verify against the tool.
allow vold_prepare_subdirs file_contexts_file:file r_file_perms;

# Capabilities that override DAC ownership and permission checks.
allow vold_prepare_subdirs self:global_capability_class_set {
    chown
    dac_override
    dac_read_search
    fowner
};

# Allow the process to choose the label applied to objects it creates.
allow vold_prepare_subdirs self:process setfscreate;

# Generic data directories: add/remove entries and relabel *from* these types.
allow vold_prepare_subdirs {
    system_data_file
    vendor_data_file
}:dir { open read write add_name remove_name rmdir relabelfrom };

# Per-module data directories: full directory management and relabel *to*
# these types.
allow vold_prepare_subdirs {
    apex_art_data_file
    apex_module_data_file
    apex_permission_data_file
    apex_rollback_data_file
    apex_wifi_data_file
    backup_data_file
    face_vendor_data_file
    fingerprint_vendor_data_file
    iris_vendor_data_file
    rollback_data_file
    storaged_data_file
    system_data_file
    vold_data_file
}:dir { create_dir_perms relabelto };

# Files of these types may only be stat'ed and unlinked; no read, write or
# create permission is granted, so file contents stay out of reach.
# apex_art_staging_data_file is listed here but not in the directory set above.
allow vold_prepare_subdirs {
    apex_art_data_file
    apex_art_staging_data_file
    apex_module_data_file
    apex_permission_data_file
    apex_rollback_data_file
    apex_wifi_data_file
    backup_data_file
    face_vendor_data_file
    fingerprint_vendor_data_file
    iris_vendor_data_file
    rollback_data_file
    storaged_data_file
    system_data_file
    vold_data_file
}:file { getattr unlink };

# List the APEX mount directory and traverse the expanded-storage mount point.
allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
allow vold_prepare_subdirs mnt_expand_file:dir search;

# Profile directories: traverse, stat and relabel from either type; only
# user_profile_root_file may also be a relabel target.
allow vold_prepare_subdirs user_profile_data_file:dir { search getattr relabelfrom };
allow vold_prepare_subdirs user_profile_root_file:dir { search getattr relabelfrom relabelto };

# /data/misc is unlabeled during early boot.
allow vold_prepare_subdirs unlabeled:dir search;

# dontaudit only silences the audit record; reads of proc and unlabeled files
# remain denied. Denials matching this rule will not show up in the audit log.
dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;