system_server: remove old dalvik JIT rules on user/userdebug builds
On user and userdebug builds, system_server only loads executable content from /data/dalvik_cache and /system. JITing for system_server is only supported on eng builds. Remove the rules for user and userdebug builds. Going forward, the plan of record is that system_server will never use JIT functionality, instead using dex2oat or interpreted mode. Inspired by https://android-review.googlesource.com/98944 Change-Id: I54515acaae4792085869b89f0d21b87c66137510
This commit is contained in:
parent
acfd140c04
commit
23cde8776b
@ -7,10 +7,12 @@ type system_server, domain, mlstrustedsubject;
|
||||
# Define a type for tmpfs-backed ashmem regions.
|
||||
tmpfs_domain(system_server)
|
||||
|
||||
# Dalvik Compiler JIT Mapping.
|
||||
allow system_server self:process execmem;
|
||||
allow system_server ashmem_device:chr_file execute;
|
||||
allow system_server system_server_tmpfs:file execute;
|
||||
eng(`
|
||||
# JIT mappings
|
||||
allow system_server self:process execmem;
|
||||
allow system_server ashmem_device:chr_file execute;
|
||||
allow system_server system_server_tmpfs:file execute;
|
||||
')
|
||||
|
||||
# For art.
|
||||
allow system_server dalvikcache_data_file:file execute;
|
||||
|
@ -311,6 +311,7 @@ define(`recovery_only', ifelse(target_recovery, `true', $1, ))
|
||||
# SELinux rules which apply only to userdebug or eng builds
|
||||
#
|
||||
define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
|
||||
define(`eng', ifelse(target_build_variant, `eng', $1))
|
||||
|
||||
#####################################
|
||||
# write_logd(domain)
|
||||
|
Loading…
Reference in New Issue
Block a user