e5a1f64a2e
This CLs adds SElinux policies necessary to compile secondary dex files.
When an app loads secondary dex files via the base class loader the
files will get reported to PM. During maintance mode PM will compile the
secondary dex files which were used via the standard installd model
(fork, exec, change uid and lower capabilities).
What is needed:
dexoptanalyzer - needs to read the dex file and the boot image in order
to decide if we need to actually comppile.
dex2oat - needs to be able to create *.oat files next to the secondary
dex files.
Test: devices boots
compilation of secondary dex files works without selinux denials
cmd package compile --secondary-dex -f -m speed
com.google.android.gms
Bug: 32871170
Change-Id: I038955b5bc9a72d49f6c24c1cb76276e0f53dc45
19 lines
871 B
Text
19 lines
871 B
Text
# type_transition must be private policy the domain_trans rules could stay
|
|
# public, but conceptually should go with this
|
|
# Define a type for tmpfs-backed ashmem regions.
|
|
tmpfs_domain(system_server)
|
|
# Create a socket for connections from crash_dump.
|
|
type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
|
|
|
|
allow system_server zygote_tmpfs:file read;
|
|
|
|
# Create a socket for receiving info from wpa.
|
|
type_transition system_server wifi_data_file:sock_file system_wpa_socket;
|
|
type_transition system_server wpa_socket:sock_file system_wpa_socket;
|
|
|
|
# TODO: deal with tmpfs_domain pub/priv split properly
|
|
neverallow system_server system_server_tmpfs:file execute;
|
|
|
|
# dexoptanalyzer is currently used only for secondary dex files which
|
|
# system_server should never access.
|
|
neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;
|