SELinux policy for on-device signing binary. Bug: 165630556 Test: no denials on boot Change-Id: I9d75659fb1eaea562c626ff54521f6dfb02da6b3

commit: 6afdb72cbb96dee8b8372274a49416a7fa0594ce [log] [tgz]
author: Martijn Coenen <maco@google.com> Fri Nov 27 12:23:54 2020 +0100
committer: Martijn Coenen <maco@google.com> Wed Feb 03 16:15:48 2021 +0100
tree: e2c2869d10db8498998b7028b7a5fc43876bcac6
parent: 6e3caf699e80ff281e1df52c4968be0deb81e901 [diff] [blame]
diff --git a/private/dex2oat.te b/private/dex2oat.te
index b71ede7..909f94c 100644
--- a/private/dex2oat.te
+++ b/private/dex2oat.te

@@ -38,6 +38,10 @@
 # Allow dex2oat to use file descriptors passed from odrefresh.
 allow dex2oat odrefresh:fd use;
 
+# Allow dex2oat to use devpts and file descriptors passed from odsign
+allow dex2oat odsign_devpts:chr_file { read write };
+allow dex2oat odsign:fd use;
+
 # Allow dex2oat to write to file descriptors from odrefresh for files
 # in the staging area.
 allow dex2oat apex_art_staging_data_file:dir r_dir_perms;
commit	6afdb72cbb96dee8b8372274a49416a7fa0594ce	[log] [tgz]
author	Martijn Coenen <maco@google.com>	Fri Nov 27 12:23:54 2020 +0100
committer	Martijn Coenen <maco@google.com>	Wed Feb 03 16:15:48 2021 +0100
tree	e2c2869d10db8498998b7028b7a5fc43876bcac6
parent	6e3caf699e80ff281e1df52c4968be0deb81e901 [diff] [blame]