Audit access to libart Grant access to all processes and audit access. The end goal is to whitelist all access to the interpreter. Several processes including dex2oat, apps, and zygote were observed using libart, so omit them from auditing and explicitly grant them access. Test: Angler builds and boots Bug: 29795519 Change-Id: I9b93c7dbef5c49b95a18fd26307955d05a1c8e88

commit: 88cef4dfef58c442d166f694cb35d8b93c259bba [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Mon Sep 19 13:40:25 2016 -0700
committer: Jeff Vander Stoep <jeffv@google.com> Tue Sep 27 15:09:30 2016 -0700
tree: 6bc2524f185f14b386f6857dbf868046d13b5e5d
parent: a8239c61b83be80e456d74a21b1065fa84086931 [diff] [blame]
diff --git a/file_contexts b/file_contexts
index eeda6c7..33b628a 100644
--- a/file_contexts
+++ b/file_contexts

@@ -216,7 +216,8 @@
 /system/bin/update_engine        u:object_r:update_engine_exec:s0
 /system/bin/bspatch              u:object_r:update_engine_exec:s0
 /system/bin/hw/wifi_hal_legacy   u:object_r:wifi_hal_legacy_exec:s0
-
+/system/fake-lib(64)?/libart.*   u:object_r:libart_file:s0
+/system/lib(64)?/libart.*        u:object_r:libart_file:s0
 
 #############################
 # Vendor files
commit	88cef4dfef58c442d166f694cb35d8b93c259bba	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Mon Sep 19 13:40:25 2016 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Tue Sep 27 15:09:30 2016 -0700
tree	6bc2524f185f14b386f6857dbf868046d13b5e5d
parent	a8239c61b83be80e456d74a21b1065fa84086931 [diff] [blame]