PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add dex2oat permissions to open and read the tmp apk.

Browse Source 
The PackageManager now passes previous code paths to dex2oat as shared
libraries. dex2oat needs extra permissions in order to access and open
the oat files of these libraries (if they were compiled).

Part of a multi-project change.

Bug: 34169257
Test: cts-tradefed run singleCommand cts -d --module
CtsAppSecurityHostTestCases -t android.appsecurity.cts.SplitTests

Merged-In: I7b9cfd7f3c3509f3e41f0590ab650bd85faab340
(cherry-picked from commit 1103f963a7)

Change-Id: I6d69d463af7a0a93391dd4b7edd5b700012ba58c
This commit is contained in:
Jeff Hao 2017-04-05 15:49:05 -07:00
parent 9f152d98ea
commit 661910644f
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
public/dex2oat.te
View File

@ -19,7 +19,8 @@ allow dex2oat installd:fd use;
allow dex2oat asec_apk_file:file read; allow dex2oat asec_apk_file:file read;
allow dex2oat unlabeled:file read; allow dex2oat unlabeled:file read;
allow dex2oat oemfs:file read; allow dex2oat oemfs:file read;
allow dex2oat apk_tmp_file:file read; allow dex2oat apk_tmp_file:dir search;
allow dex2oat apk_tmp_file:file r_file_perms;
allow dex2oat user_profile_data_file:file { getattr read lock }; allow dex2oat user_profile_data_file:file { getattr read lock };
# Allow dex2oat to compile app's secondary dex files which were reported back to # Allow dex2oat to compile app's secondary dex files which were reported back to