Put dex2oat in it's own sandbox Currently, dex2oat runs in the installd sandbox, and has all the SELinux capabilities that installd does. That's too excessive. dex2oat handles untrusted user data, so we want to put it in it's own tighter sandbox. Bug: 15358102 Change-Id: I08083b84b9769e24d6dad6dbd12401987cb006be

commit: 75d63fcfd264ae741ec23dccad6bb54fa819e40c [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Jul 02 22:59:19 2014 -0700
committer: Nick Kralevich <nnk@google.com> Thu Jul 10 15:33:11 2014 -0700
tree: 41568ebd8456ba71c8c70b2eb796a950d9b3cf14
parent: bad4e91dd2c7c043707d93b347b06d45f1f9b25b [diff] [blame]
diff --git a/file_contexts b/file_contexts
index 57fc1f2..def1e53 100644
--- a/file_contexts
+++ b/file_contexts

@@ -160,6 +160,7 @@
 /system/bin/logwrapper  u:object_r:system_file:s0
 /system/bin/vdc         u:object_r:vdc_exec:s0
 /system/bin/install-recovery.sh u:object_r:install_recovery_exec:s0
+/system/bin/dex2oat     u:object_r:dex2oat_exec:s0
 
 #############################
 # Vendor files
commit	75d63fcfd264ae741ec23dccad6bb54fa819e40c	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Jul 02 22:59:19 2014 -0700
committer	Nick Kralevich <nnk@google.com>	Thu Jul 10 15:33:11 2014 -0700
tree	41568ebd8456ba71c8c70b2eb796a950d9b3cf14
parent	bad4e91dd2c7c043707d93b347b06d45f1f9b25b [diff] [blame]