Merge "Fix memory leaks"
diff --git a/Android.bp b/Android.bp
index eeb6f6c..256262b 100644
--- a/Android.bp
+++ b/Android.bp
@@ -12,6 +12,8 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+cc_defaults { name: "selinux_policy_version", cflags: ["-DSEPOLICY_VERSION=30"], }
+
se_filegroup {
name: "26.0.board.compat.map",
srcs: [
diff --git a/Android.mk b/Android.mk
index bb6cb53..ab88003 100644
--- a/Android.mk
+++ b/Android.mk
@@ -1,12 +1,9 @@
LOCAL_PATH:= $(call my-dir)
include $(LOCAL_PATH)/definitions.mk
+include $(LOCAL_PATH)/policy_version.mk
include $(CLEAR_VARS)
-# SELinux policy version.
-# Must be <= /sys/fs/selinux/policyvers reported by the Android kernel.
-# Must be within the compatibility range reported by checkpolicy -V.
-POLICYVERS ?= 30
MLS_SENS=1
MLS_CATS=1024
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
index 4ff0f5e..ccb3a50 100644
--- a/PREUPLOAD.cfg
+++ b/PREUPLOAD.cfg
@@ -1,3 +1,4 @@
[Hook Scripts]
whitespace = tools/whitespace.sh ${PREUPLOAD_FILES}
aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
+policy_version_check = tools/policy_version_check.sh
diff --git a/policy_version.mk b/policy_version.mk
new file mode 100644
index 0000000..e6bb747
--- /dev/null
+++ b/policy_version.mk
@@ -0,0 +1,4 @@
+# SELinux policy version.
+# Must be <= /sys/fs/selinux/policyvers reported by the Android kernel.
+# Must be within the compatibility range reported by checkpolicy -V.
+POLICYVERS ?= 30
diff --git a/private/system_server_startup.te b/private/system_server_startup.te
index bd7b2c0..ad9fb44 100644
--- a/private/system_server_startup.te
+++ b/private/system_server_startup.te
@@ -7,6 +7,13 @@
allow system_server_startup self:process execmem;
allow system_server_startup system_server_startup_tmpfs:file { execute read write open map };
+# Allow to pick up integrity-checked artifacts from the dalvik cache.
+allow system_server_startup dalvikcache_data_file:dir r_dir_perms;
+allow system_server_startup dalvikcache_data_file:file { r_file_perms execute };
+
+# While doing the above, will touch the apex mount dir.
+allow system_server_startup mnt_expand_file:dir getattr;
+
# Allow system_server_startup to run setcon() and enter the
# system_server domain
allow system_server_startup self:process setcurrent;
diff --git a/private/zygote.te b/private/zygote.te
index 29d61b4..4b8990c 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -44,11 +44,10 @@
allow zygote resourcecache_data_file:dir rw_dir_perms;
allow zygote resourcecache_data_file:file create_file_perms;
-# When WITH_DEXPREOPT is true, the zygote does not load executable content from
-# /data/dalvik-cache. Executable files loaded from /data is a persistence vector
-# we want to avoid. See
-# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
-allow { zygote with_dexpreopt(`-zygote') } dalvikcache_data_file:file execute;
+# For updateability, the zygote may fetch the current boot
+# classpath from the dalvik cache. Integrity of the files
+# is ensured by fsverity protection (checked in art_apex_boot_integrity).
+allow zygote dalvikcache_data_file:file execute;
# Allow zygote to create JIT memory.
allow zygote self:process execmem;
diff --git a/tools/policy_version_check.sh b/tools/policy_version_check.sh
new file mode 100755
index 0000000..33ce861
--- /dev/null
+++ b/tools/policy_version_check.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+MK=$(awk -F= '/POLICYVERS/ { print $2 }' policy_version.mk | tr -d ' [:space:]')
+BP=$(awk -F= '/DSEPOLICY_VERSION/ { print $2 }' Android.bp | awk -F\" ' { print $1 }')
+
+if [ "$MK" != "$BP" ]; then
+ echo "POLICYVERS in Android.mk must match DSEPOLICY_VERSION in Android.bp" 1>&2
+ exit 1
+fi