platform_system_sepolicy/public
Calin Juravle ebcec9b8bb Allow profman to analyze profiles for the secondary dex files
The secondary dex files are application dex files which get reported
back to the framework when using BaseDexClassLoader.

Also, give dex2oat lock permissions as it needs to lock the profile
during compilation.

Example of SELinux denial:
03-15 12:38:46.967  7529  7529 I profman : type=1400 audit(0.0:225):
avc: denied { read } for
path="/data/data/com.google.android.googlequicksearchbox/files/velour/verified_jars/JDM5LaUbYP1JPOLzJ81GLzg_1.jar.prof"
dev="sda35" ino=877915 scontext=u:r:profman:s0
tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=1

Test: adb shell cmd package bg-dexopt-job works for secondary dex files
Bug: 26719109
Change-Id: Ie1890d8e36c062450bd6c54f4399fc0730767dbf
2017-03-15 18:47:13 -07:00
adbd.te Move adbd policy to private 2017-02-07 09:55:05 -08:00
attributes sepolicy: Make wpa_supplicant a HIDL service 2017-03-07 01:34:28 +00:00
audioserver.te Move audioserver policy to private 2017-02-07 10:47:18 -08:00
blkid.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
blkid_untrusted.te Move blkid policy to private 2017-02-07 23:57:53 +00:00
bluetooth.te Move bluetooth policy to private 2017-02-06 15:29:10 -08:00
boot_control_hal.te
bootanim.te Allow bootanimation to talk to hwservicemanager. 2017-02-17 09:14:17 +00:00
bootstat.te logd: restrict access to /dev/event-log-tags 2017-01-31 15:50:15 +00:00
bufferhubd.te Add policies for new services. 2017-02-09 15:15:11 -08:00
cameraserver.te Add documentation on neverallow rules 2017-02-17 22:37:23 +00:00
charger.te healthd: create SEPolicy for 'charger' and reduce healthd's scope 2016-12-15 18:17:13 -08:00
clatd.te
cppreopts.te
crash_dump.te crash_dump: allow appending to pipes. 2017-02-15 17:29:50 -08:00
device.te Auditing init and ueventd access to chr device files. 2017-01-13 17:38:39 +00:00
dex2oat.te Allow profman to analyze profiles for the secondary dex files 2017-03-15 18:47:13 -07:00
dhcp.te
dnsmasq.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
domain.te Allow fallback crash dumping for seccomped processes. 2017-03-07 15:53:46 -08:00
domain_deprecated.te sepolicy: Make wpa_supplicant a HIDL service 2017-03-07 01:34:28 +00:00
drmserver.te Merge ephemeral data and apk files into app 2017-02-06 10:16:50 -08:00
dumpstate.te SElinux: Clean up code related to foreign dex use 2017-03-07 10:59:26 -08:00
ephemeral_app.te Move ephemeral_app policy to private 2017-01-09 15:34:27 -08:00
file.te Make /proc/sys/kernel/perf_event_max_sample_rate accessible to untrusted_app. 2017-03-07 11:05:55 -08:00
fingerprintd.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
fsck.te fsck: allow stat access on /dev/block files 2017-02-17 12:47:25 -08:00
fsck_untrusted.te fsck: allow stat access on /dev/block files 2017-02-17 12:47:25 -08:00
gatekeeperd.te Remove hal_gatekeeper from gatekeeperd domain 2017-01-26 07:17:51 -08:00
global_macros Remove obsolete netlink_firewall_socket and netlink_ip6fw_socket classes. 2017-02-06 14:24:41 -05:00
hal_allocator.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_audio.te hal_audio: Allow writing dump info into pipes 2017-03-09 14:32:16 -08:00
hal_bluetooth.te Allow the Bluetooth HAL to toggle rfkill 2017-02-22 20:12:16 +00:00
hal_boot.te Move hal_*_default policy to vendor image 2017-02-14 18:35:50 -08:00
hal_camera.te Camera: hal_camera FD access update 2017-03-05 14:34:25 -08:00
hal_contexthub.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_drm.te Switch DRM HAL policy to _client/_server 2017-02-17 15:36:41 -08:00
hal_dumpstate.te Switch Dumpstate HAL policy to _client/_server 2017-02-22 10:15:24 -08:00
hal_fingerprint.te Switch Fingerprint HAL policy to _client/_server 2017-02-21 16:11:25 -08:00
hal_gatekeeper.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_gnss.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_graphics_allocator.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_graphics_composer.te Allow hwcomposer to change scheduling policy 2017-02-13 09:02:04 -08:00
hal_health.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_ir.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_keymaster.te Switch Keymaster HAL policy to _client/_server 2017-02-22 20:18:28 -08:00
hal_light.te hal_light: add permission to sys/class/leds. 2017-01-20 00:17:11 +00:00
hal_nfc.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_sensors.te Allow sensor HALs to access ashmem memory regions. 2017-02-17 15:45:16 -08:00
hal_telephony.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_thermal.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_usb.te sepolicy for usb hal 2017-01-27 00:05:19 +00:00
hal_vibrator.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_vr.te haldomain: add hwbinder_use 2017-01-18 09:47:50 -08:00
hal_wifi.te sepolicy: Allow hal_wifi to set wlan driver status prop 2017-03-03 09:32:03 -08:00
hal_wifi_supplicant.te sepolicy: Make wpa_supplicant a HIDL service 2017-03-07 01:34:28 +00:00
healthd.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
hostapd.te
hwservicemanager.te hwbinder_use: allow for hwservicemanager callbacks. 2016-12-15 14:17:27 -08:00
idmap.te Add service 'overlay' to service_contexts 2017-02-22 11:28:15 -08:00
incident.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
incidentd.te Add incident command and incidentd daemon se policy. 2017-02-07 15:52:07 -08:00
init.te init.te: only allow wifi tracing restorecon twice 2017-03-05 22:29:28 -08:00
inputflinger.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
install_recovery.te install_recovery.te: remove domain_deprecated 2017-01-09 16:47:36 +00:00
installd.te SElinux: Clean up code related to foreign dex use 2017-03-07 10:59:26 -08:00
ioctl_defines
ioctl_macros Add TCSETS to unpriv_tty_ioctls 2016-12-07 15:59:34 -08:00
isolated_app.te Move isolated_app policy to private 2017-01-05 16:06:54 -08:00
kernel.te kernel: neverallow dac_{override,read_search} perms 2017-02-22 14:33:08 -08:00
keystore.te Switch Keymaster HAL policy to _client/_server 2017-02-22 20:18:28 -08:00
lmkd.te more ephemeral_app cleanup 2017-01-20 14:35:17 +00:00
logd.te logd: add getEventTag command and service 2017-01-31 15:50:42 +00:00
logpersist.te logpersist: do not permit dynamic transition to domain 2016-12-29 09:29:36 -08:00
mdnsd.te Move mdnsd policy to private 2017-02-06 15:02:32 -08:00
mediacodec.te Allow fallback crash dumping for seccomped processes. 2017-03-07 15:53:46 -08:00
mediadrmserver.te MediaCAS: adding media.cas to service 2017-02-28 12:31:45 -08:00
mediaextractor.te Allow fallback crash dumping for seccomped processes. 2017-03-07 15:53:46 -08:00
mediametrics.te Add documentation on neverallow rules 2017-02-17 22:37:23 +00:00
mediaserver.te Camera: hal_camera FD access update 2017-03-05 14:34:25 -08:00
mtp.te
net.te Move netdomain policy to private 2017-02-06 15:02:00 -08:00
netd.te netd.te: drop dccp_socket support 2017-02-27 09:23:31 -08:00
neverallow_macros
nfc.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
otapreopt_chroot.te
otapreopt_slot.te
performanced.te Add policies for new services. 2017-02-09 15:15:11 -08:00
perfprofd.te Fix build. 2016-12-06 16:49:25 -08:00
platform_app.te Move platform_app policy to private 2017-01-09 14:52:59 -08:00
postinstall.te
postinstall_dexopt.te
ppp.te domain_deprecated.te: remove /proc/net access 2016-11-30 15:23:26 -08:00
preopt2cachename.te
priv_app.te Move priv_app policy to private 2017-01-05 15:44:32 -08:00
profman.te Allow profman to analyze profiles for the secondary dex files 2017-03-15 18:47:13 -07:00
property.te make ro.persistent_properties.ready accessible for hidl client 2017-03-01 12:31:04 -08:00
racoon.te remove setuid SELinux capability for racoon. 2017-02-22 03:31:23 +00:00
radio.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
recovery.te Remove SElinux audit to libart_file 2017-01-31 23:43:14 +00:00
recovery_persist.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
recovery_refresh.te sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
rild.te Move rild to vendor partition. 2017-02-23 16:20:07 -08:00
roles sepolicy: add version_policy tool and version non-platform policy. 2016-12-06 08:56:02 -08:00
runas.te
sdcardd.te Remove logspam 2017-02-10 12:06:38 -08:00
sensord.te Add policies for new services. 2017-02-09 15:15:11 -08:00
service.te sepolicy: Make wpa_supplicant a HIDL service 2017-03-07 01:34:28 +00:00
servicemanager.te Remove domain_deprecated from some domains. 2016-11-25 17:37:30 -08:00
sgdisk.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
shared_relro.te Restore app_domain macro and move to private use. 2016-12-08 14:42:43 -08:00
shell.te shell.te: hwbinder for lshal 2017-02-13 15:42:42 -08:00
slideshow.te
su.te Introduce crash_dump debugging helper. 2017-01-18 15:03:24 -08:00
surfaceflinger.te Move surfaceflinger policy to private 2017-02-07 10:06:12 -08:00
system_app.te Move system_app policy to private 2017-01-05 17:20:28 -08:00
system_server.te Move system_server policy to private 2017-02-07 20:24:05 +00:00
te_macros Allow writing to tombstone files in crash_dump_fallback. 2017-03-12 19:03:29 -07:00
tee.te
tombstoned.te tombstoned: temporarily allow write to anr_data_file. 2017-01-23 12:54:03 -08:00
toolbox.te
tzdatacheck.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
ueventd.te Removing init and ueventd access to generic char files 2017-02-01 21:35:08 +00:00
uncrypt.te
untrusted_app.te Move untrusted_app policy to private 2017-01-05 14:39:52 -08:00
untrusted_app_25.te untrusted_app: policy versioning based on targetSdkVersion 2017-02-14 13:30:12 -08:00
untrusted_v2_app.te Add new untrusted_v2_app domain 2017-02-21 12:39:55 -08:00
update_engine.te update_engine: Allow to tag sockets. 2017-02-23 18:37:45 -08:00
update_engine_common.te Label /proc/misc 2017-03-03 12:20:38 -08:00
update_verifier.te Allow update_verifier to read dm blocks 2017-02-03 21:00:30 +00:00
vdc.te remove more domain_deprecated 2016-12-09 19:57:43 -08:00
virtual_touchpad.te Add policies for new services. 2017-02-09 15:15:11 -08:00
vold.te SElinux: Clean up code related to foreign dex use 2017-03-07 10:59:26 -08:00
watchdogd.te
webview_zygote.te Move webview_zygote policy to private 2017-01-27 17:01:43 +00:00
wificond.te te_macros: introduce add_service() macro 2017-01-26 04:43:16 +00:00
zygote.te Move zygote policy to private 2017-01-26 13:31:16 -08:00