commit 23cde8776b94ff2228f3a8d845d41052af52319e
author Nick Kralevich <nnk@google.com> Sat Aug 22 01:29:18 2015 -0700
committer Nick Kralevich <nnk@google.com> Sun Aug 23 21:34:55 2015 -0700
tree e62b4bfb1abd09225b7cfa7af13fa170c206ad5b
parent acfd140c045d0bd295389a508ef6952acefb91fc

system_server: remove old dalvik JIT rules on user/userdebug builds

On user and userdebug builds, system_server only loads executable
content from /data/dalvik_cache and /system. JITing for system_server
is only supported on eng builds. Remove the rules for user and
userdebug builds.

Going forward, the plan of record is that system_server will never
use JIT functionality, instead using dex2oat or interpreted mode.

Inspired by https://android-review.googlesource.com/98944

Change-Id: I54515acaae4792085869b89f0d21b87c66137510

system_server.te

diff --git a/system_server.te b/system_server.te
index 269d6ee..5f07f65 100644
--- a/system_server.te
+++ b/system_server.te
@@ -7,10 +7,12 @@
 # Define a type for tmpfs-backed ashmem regions.
 tmpfs_domain(system_server)
 
-# Dalvik Compiler JIT Mapping.
-allow system_server self:process execmem;
-allow system_server ashmem_device:chr_file execute;
-allow system_server system_server_tmpfs:file execute;
+eng(`
+  # JIT mappings
+  allow system_server self:process execmem;
+  allow system_server ashmem_device:chr_file execute;
+  allow system_server system_server_tmpfs:file execute;
+')
 
 # For art.
 allow system_server dalvikcache_data_file:file execute;

te_macros

diff --git a/te_macros b/te_macros
index 99a9411..e455e63 100644
--- a/te_macros
+++ b/te_macros
@@ -311,6 +311,7 @@
 # SELinux rules which apply only to userdebug or eng builds
 #
 define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
+define(`eng', ifelse(target_build_variant, `eng', $1))
 
 #####################################
 # write_logd(domain)