Allow the `shell` user to run `dex2oat`. This is required for ART's Checker tests, which are part of (host-driven) ART run-tests, and will also be required to run ART run-tests via TradeFed in AOT-compilation modes in the future. Test: Run `atest art-run-test-004-checker-UnsafeTest18` with https://android-review.googlesource.com/c/platform/tools/tradefederation/+/1484277 merged in, on a device where `adb` commands are not run as root Bug: 162408889 Bug: 147812905 Change-Id: I3e4824bf15bdbad1ddf26601f871feec11313ecc

commit: 06bee189adfa12a6d8f45909518660eea6f03b49 [log] [tgz]
author: Roland Levillain <rpl@google.com> Mon Nov 02 13:52:54 2020 +0000
committer: Roland Levillain <rpl@google.com> Mon Nov 02 21:51:27 2020 +0000
tree: 64e6e66e79ba762eb4a7884b1f87bfa68257ab75
parent: 8e307e08475d923ecbad6caf5dfaa986c38b9de2 [diff]
diff --git a/private/shell.te b/private/shell.te
index f40f89d..b4d3505 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -73,6 +73,10 @@
 # /system/bin/bcc (b/126388046)
 allow shell rs_exec:file rx_file_perms;
 
+# Allow (host-driven) ART run-tests to execute dex2oat, in order to
+# check ART's compiler.
+allow shell dex2oat_exec:file rx_file_perms;
+
 # Allow shell to start and comminicate with lpdumpd.
 set_prop(shell, lpdumpd_prop);
 binder_call(shell, lpdumpd)
commit	06bee189adfa12a6d8f45909518660eea6f03b49	[log] [tgz]
author	Roland Levillain <rpl@google.com>	Mon Nov 02 13:52:54 2020 +0000
committer	Roland Levillain <rpl@google.com>	Mon Nov 02 21:51:27 2020 +0000
tree	64e6e66e79ba762eb4a7884b1f87bfa68257ab75
parent	8e307e08475d923ecbad6caf5dfaa986c38b9de2 [diff]