Add dex2oat permissions to open and read the tmp apk. The PackageManager now passes previous code paths to dex2oat as shared libraries. dex2oat needs extra permissions in order to access and open the oat files of these libraries (if they were compiled). Part of a multi-project change. Bug: 34169257 Test: cts-tradefed run singleCommand cts -d --module CtsAppSecurityHostTestCases -t android.appsecurity.cts.SplitTests (cherry-picked from commit 1103f963a7f2a23212e8ba8c6b5e9cc5f1f9bb26) Change-Id: I3cf810ef5f4f4462f6082dc30d3a7b144dcce0d9

commit: 37f5c2d9ebf89d8929f6f5500fd92cdb8daeab10 [log] [tgz]
author: Jeff Hao <jeffhao@google.com> Wed Apr 05 15:49:05 2017 -0700
committer: Jeff Hao <jeffhao@google.com> Wed Apr 19 11:00:34 2017 -0700
tree: 291de7191297b23439998b01d7d6a510fbc4873f
parent: 6c80fcba4dda44cb46b8fbf500baee472fd20065 [diff]
diff --git a/public/dex2oat.te b/public/dex2oat.te
index 2fb2336..4551e58 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te

@@ -27,7 +27,8 @@
 allow dex2oat asec_apk_file:file read;
 allow dex2oat unlabeled:file read;
 allow dex2oat oemfs:file read;
-allow dex2oat apk_tmp_file:file read;
+allow dex2oat apk_tmp_file:dir search;
+allow dex2oat apk_tmp_file:file r_file_perms;
 allow dex2oat user_profile_data_file:file { getattr read lock };
 
 # Allow dex2oat to compile app's secondary dex files which were reported back to
commit	37f5c2d9ebf89d8929f6f5500fd92cdb8daeab10	[log] [tgz]
author	Jeff Hao <jeffhao@google.com>	Wed Apr 05 15:49:05 2017 -0700
committer	Jeff Hao <jeffhao@google.com>	Wed Apr 19 11:00:34 2017 -0700
tree	291de7191297b23439998b01d7d6a510fbc4873f
parent	6c80fcba4dda44cb46b8fbf500baee472fd20065 [diff]