Sepolicy: Allow otapreopt access to vendor overlay files A handful of APKs are vendor overlay files. Allow access. Test: m Change-Id: I791fa37a3bcb07729386047f0cda178753af9de5

commit: 30186cf611511238a52323172209f9e5f0553bdb [log] [tgz]
author: Andreas Gampe <agampe@google.com> Fri Mar 22 12:13:53 2019 -0700
committer: Andreas Gampe <agampe@google.com> Fri Mar 22 12:13:53 2019 -0700
tree: 7a0b85a579352a2dfcab651526c9418d135877cf
parent: 1a5db599ce8aaacc49cc50543cc476a4f4e7b336 [diff]
diff --git a/private/coredomain.te b/private/coredomain.te
index ebad8e7..169f6b2 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te

@@ -58,6 +58,7 @@
         -idmap
         -init
         -installd
+        -postinstall_dexopt
         -rs # spawned by appdomain, so carryover the exception above
         -system_server
         -app_zygote
@@ -74,6 +75,7 @@
         -idmap
         -init
         -installd
+        -postinstall_dexopt
         -rs # spawned by appdomain, so carryover the exception above
         -system_server
         -app_zygote

diff --git a/private/postinstall_dexopt.te b/private/postinstall_dexopt.te
index a463cb6..fd370c2 100644
--- a/private/postinstall_dexopt.te
+++ b/private/postinstall_dexopt.te

@@ -32,6 +32,8 @@
 r_dir_file(postinstall_dexopt, apk_data_file)
 # Read vendor app data (APKs) as input to dex2oat.
 r_dir_file(postinstall_dexopt, vendor_app_file)
+# Read vendor overlay files (APKs) as input to dex2oat.
+r_dir_file(postinstall_dexopt, vendor_overlay_file)
 # Access to app oat directory.
 r_dir_file(postinstall_dexopt, dalvikcache_data_file)
commit	30186cf611511238a52323172209f9e5f0553bdb	[log] [tgz]
author	Andreas Gampe <agampe@google.com>	Fri Mar 22 12:13:53 2019 -0700
committer	Andreas Gampe <agampe@google.com>	Fri Mar 22 12:13:53 2019 -0700
tree	7a0b85a579352a2dfcab651526c9418d135877cf
parent	1a5db599ce8aaacc49cc50543cc476a4f4e7b336 [diff]