commit 06edcd8250a249192981c7fbeea196249394b9ad
author Lokesh Gidra <lokeshgidra@google.com> Thu Mar 11 11:32:47 2021 -0800
committer Lokesh Gidra <lokeshgidra@google.com> Wed Mar 17 04:57:22 2021 -0700
tree 14d2d2d49c35789a0bd49b97a642f8d9d303e993
parent 3d52817da411821e7288c7c9d730fb42fc9a6e64

Add SELinux policy for using userfaultfd

ART runtime will be using userfaultfd for a new heap compaction
algorithm. After enabling userfaultfd in android kernels (with SELinux
support), the feature needs policy that allows { create ioctl read }
operations on userfaultfd file descriptors.

Bug: 160737021
Test: Manually tested by exercising userfaultfd ops in ART
Change-Id: I9ccb7fa9c25f91915639302715f6197d42ef988e

private/dex2oat.te

diff --git a/private/dex2oat.te b/private/dex2oat.te
index 909f94c..47ff77f 100644
--- a/private/dex2oat.te
+++ b/private/dex2oat.te
@@ -2,6 +2,8 @@
 type dex2oat, domain, coredomain;
 type dex2oat_exec, system_file_type, exec_type, file_type;
 
+userfaultfd_use(dex2oat)
+
 r_dir_file(dex2oat, apk_data_file)
 # Access to /vendor/app
 r_dir_file(dex2oat, vendor_app_file)