system_server: Report dalvikcache_data_file execute violations. With build/core eaa9d88cf, system_server should not be loading code from /data. Add an auditallow rule to report violations. Bug: 37214733 Test: Boot marlin, no SELinux audit lines for system_server. Change-Id: I2e25eb144503274025bd4fc9bb519555851f6521 (cherry picked from commit 665128fac38368caf9beaeec8f093bfb0391009f)

commit: 62a1b2366b738b3aea94737f24663e9f40b449e8 [log] [tgz]
author: Jorge Lucangeli Obes <jorgelo@google.com> Tue Apr 11 10:34:23 2017 -0400
committer: Jorge Lucangeli Obes <jorgelo@google.com> Wed Apr 12 10:50:40 2017 -0400
tree: 04f050a2565e231347a4ac82cea0a79d7a77c98d
parent: 976fb16bc14dfefe12f56e23a677dce99a091b14 [diff]
diff --git a/private/system_server.te b/private/system_server.te
index 0e1e89e..a4fa493 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -18,6 +18,10 @@
 # For art.
 allow system_server dalvikcache_data_file:dir r_dir_perms;
 allow system_server dalvikcache_data_file:file { r_file_perms execute };
+userdebug_or_eng(`
+  # Report dalvikcache_data_file:file execute violations.
+  auditallow system_server dalvikcache_data_file:file execute;
+')
 
 # /data/resource-cache
 allow system_server resourcecache_data_file:file r_file_perms;
commit	62a1b2366b738b3aea94737f24663e9f40b449e8	[log] [tgz]
author	Jorge Lucangeli Obes <jorgelo@google.com>	Tue Apr 11 10:34:23 2017 -0400
committer	Jorge Lucangeli Obes <jorgelo@google.com>	Wed Apr 12 10:50:40 2017 -0400
tree	04f050a2565e231347a4ac82cea0a79d7a77c98d
parent	976fb16bc14dfefe12f56e23a677dce99a091b14 [diff]