Update SELinux policy for Pre-reboot Dexopt. - Add pm.dexopt.* properties. - Add rules for running artd in chroot. Bug: 311377497 Test: manual - Run Pre-reboot Dexopt and see no denial. Change-Id: If5ff9b23e99be033f19ab257c90e0f52bf250ccf

commit: 4acd07323ee401fcb03e3c4d9d58bfada64ea9de [log] [tgz]
author: Jiakai Zhang <jiakaiz@google.com> Wed Mar 20 11:24:54 2024 +0000
committer: Jiakai Zhang <jiakaiz@google.com> Wed Mar 27 10:53:50 2024 +0000
tree: fe071ec18f97059b3ea49d6faf480a46cf843100
parent: 88e37d37f17672b3c580af5c43fa4da1f8d49997 [diff] [blame]
diff --git a/private/linkerconfig.te b/private/linkerconfig.te
index bd46ca4..ce26fd2 100644
--- a/private/linkerconfig.te
+++ b/private/linkerconfig.te

@@ -27,4 +27,13 @@
 allow linkerconfig postinstall_apex_mnt_dir:dir r_dir_perms;
 allow linkerconfig postinstall_apex_mnt_dir:file r_file_perms;
 
-neverallow { domain -init -linkerconfig -otapreopt_chroot } linkerconfig_exec:file no_x_file_perms;
+# Allow for use in Pre-reboot Dexopt.
+allow linkerconfig dexopt_chroot_setup:fd use;
+
+neverallow {
+  domain
+  -dexopt_chroot_setup
+  -init
+  -linkerconfig
+  -otapreopt_chroot
+} linkerconfig_exec:file no_x_file_perms;
commit	4acd07323ee401fcb03e3c4d9d58bfada64ea9de	[log] [tgz]
author	Jiakai Zhang <jiakaiz@google.com>	Wed Mar 20 11:24:54 2024 +0000
committer	Jiakai Zhang <jiakaiz@google.com>	Wed Mar 27 10:53:50 2024 +0000
tree	fe071ec18f97059b3ea49d6faf480a46cf843100
parent	88e37d37f17672b3c580af5c43fa4da1f8d49997 [diff] [blame]