2nd attempt in fixing sepolicy for shell+oatdump aosp/2876742 changed the file context of oatdump from system_file to oatdump_exec, which broke shell access on older platform versions. This change fixes the issue by changing the file context back to system_file. Also grant uprobestats rx_file_perms to system_file so it can execute oatdump. For now retain the label oatdump_exec to avoid build breakage. b/352184398. The label will be removed once it's safe to do so. Bug: 350628688 Test: m hello_uprobestats && hello_uprobestats Change-Id: Ic34c2b7d70ce4f602a4d2cd223b5a86ee23f9b0e

commit: 46e4049ce1c8e5ca31d4ba8744801c9f5e51f630 [log] [tgz]
author: Yu-Ting Tseng <yutingtseng@google.com> Tue Jul 09 19:03:39 2024 -0700
committer: Yu-Ting Tseng <yutingtseng@google.com> Tue Jul 09 19:26:24 2024 -0700
tree: 580700e032ef3192848bd240b2ef89feb20cb732
parent: 3d35cc3cee4b9b235d95e103f59c6c3378b62474 [diff] [blame]
diff --git a/private/shell.te b/private/shell.te
index d613a94..6d6e06f 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -262,6 +262,7 @@
 get_prop(shell, build_attestation_prop)
 
 # Allow shell to execute oatdump.
+# TODO (b/350628688): Remove this once it's safe to do so.
 allow shell oatdump_exec:file rx_file_perms;
 
 # Allow shell access to socket for test
commit	46e4049ce1c8e5ca31d4ba8744801c9f5e51f630	[log] [tgz]
author	Yu-Ting Tseng <yutingtseng@google.com>	Tue Jul 09 19:03:39 2024 -0700
committer	Yu-Ting Tseng <yutingtseng@google.com>	Tue Jul 09 19:26:24 2024 -0700
tree	580700e032ef3192848bd240b2ef89feb20cb732
parent	3d35cc3cee4b9b235d95e103f59c6c3378b62474 [diff] [blame]