commit 4c2d06c4588efb837c277cb187f85fbe8eed996b
author Andreas Gampe <agampe@google.com> Thu Feb 21 10:03:07 2019 -0800
committer Andreas Gampe <agampe@google.com> Thu Feb 28 09:24:17 2019 -0800
tree d85656e68c93d49e28d3e3bd1604e5c5e2e7433d
parent 57346a0566ca10a59f42811b0aee80784f60b514

Sepolicy: Add base runtime APEX postinstall policies

Add art_apex_postinstall domain that is allowed to move
precreated AoT artifacts from /data/ota.

Bug: 125474642
Test: m
Change-Id: Id674e202737155a4ee31187f096d1dd655001fdd

apex/com.android.runtime.debug-file_contexts

diff --git a/apex/com.android.runtime.debug-file_contexts b/apex/com.android.runtime.debug-file_contexts
index 059b52a..592975d 100644
--- a/apex/com.android.runtime.debug-file_contexts
+++ b/apex/com.android.runtime.debug-file_contexts
@@ -1,11 +1,12 @@
 #############################
 # System files
 #
-(/.*)?                        u:object_r:system_file:s0
-/bin/dex2oat(d)?              u:object_r:dex2oat_exec:s0
-/bin/dexoptanalyzer(d)?       u:object_r:dexoptanalyzer_exec:s0
-/bin/profman(d)?              u:object_r:profman_exec:s0
-/bin/linker(64)?              u:object_r:system_linker_exec:s0
-/lib(64)?(/.*)?               u:object_r:system_lib_file:s0
-/etc/tz(/.*)?                 u:object_r:system_zoneinfo_file:s0
-/bin/art_preinstall_hook(.*)? u:object_r:art_apex_preinstall_exec:s0
+(/.*)?                         u:object_r:system_file:s0
+/bin/dex2oat(d)?               u:object_r:dex2oat_exec:s0
+/bin/dexoptanalyzer(d)?        u:object_r:dexoptanalyzer_exec:s0
+/bin/profman(d)?               u:object_r:profman_exec:s0
+/bin/linker(64)?               u:object_r:system_linker_exec:s0
+/lib(64)?(/.*)?                u:object_r:system_lib_file:s0
+/etc/tz(/.*)?                  u:object_r:system_zoneinfo_file:s0
+/bin/art_preinstall_hook(.*)?  u:object_r:art_apex_preinstall_exec:s0
+/bin/art_postinstall_hook(.*)? u:object_r:art_apex_postinstall_exec:s0