f8dfb5f83b
We will generate precompiled layouts as part of the package install or upgrade process. This means installd needs to be able to invoke viewcompiler. This change gives installd and viewcompiler the minimal set of permissions needed for this to work. Bug: 111895153 Test: manual Change-Id: Ic1fe60bd264c497b5f79d9e1d77c2da4e092377b
33 lines
1 KiB
Text
33 lines
1 KiB
Text
typeattribute installd coredomain;
|
|
|
|
init_daemon_domain(installd)
|
|
|
|
# Run dex2oat in its own sandbox.
|
|
domain_auto_trans(installd, dex2oat_exec, dex2oat)
|
|
|
|
# Run dexoptanalyzer in its own sandbox.
|
|
domain_auto_trans(installd, dexoptanalyzer_exec, dexoptanalyzer)
|
|
|
|
# Run viewcompiler in its own sandbox.
|
|
domain_auto_trans(installd, viewcompiler_exec, viewcompiler)
|
|
|
|
# Run profman in its own sandbox.
|
|
domain_auto_trans(installd, profman_exec, profman)
|
|
|
|
# Run idmap in its own sandbox.
|
|
domain_auto_trans(installd, idmap_exec, idmap)
|
|
|
|
# Create /data/.layout_version.* file
|
|
type_transition installd system_data_file:file install_data_file;
|
|
|
|
# For collecting bugreports.
|
|
allow installd dumpstate:fd use;
|
|
allow installd dumpstate:fifo_file r_file_perms;
|
|
|
|
# Delete /system/bin/bcc generated artifacts
|
|
allow installd app_exec_data_file:file unlink;
|
|
|
|
# Capture userdata snapshots to /data/misc_[ce|de]/rollback and
|
|
# subsequently restore them.
|
|
allow installd rollback_data_file:dir create_dir_perms;
|
|
allow installd rollback_data_file:file create_file_perms;
|