Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / b87a4b16d2d9b110047e24edeeb2528bcffd0574^! / .
commitb87a4b16d2d9b110047e24edeeb2528bcffd0574[log] [tgz]
authorFyodor Kupolov <fkupolov@google.com>Tue Mar 03 18:19:12 2015 -0800
committerFyodor Kupolov <fkupolov@google.com>Thu Apr 02 14:32:43 2015 -0700
treebad76fae1fae5391afdec994b46919fe0c664671
parentb62b2020b33eccdf4984900227a53e1cdc9f59dd [diff]
Support for storing OAT files in app directory

oat dir inside apk_tmp_file should be labeled as dalvikcache_data_file.

Bug: 19550105
Change-Id: Ie928b5f47bfc42167bf86fdf10d6913ef25d145d

diff --git a/dex2oat.te b/dex2oat.te
index f7de25d..0eb3881 100644
--- a/dex2oat.te
+++ b/dex2oat.te

@@ -13,3 +13,4 @@
 allow dex2oat asec_apk_file:file read;
 allow dex2oat unlabeled:file read;
 allow dex2oat oemfs:file read;
+allow dex2oat apk_tmp_file:file read;

diff --git a/file_contexts b/file_contexts
index e20638e..45a3549 100644
--- a/file_contexts
+++ b/file_contexts

@@ -204,7 +204,9 @@
 /data/adb(/.*)?		u:object_r:adb_data_file:s0
 /data/anr(/.*)?		u:object_r:anr_data_file:s0
 /data/app(/.*)?                       u:object_r:apk_data_file:s0
-/data/app/vmdl.*\.tmp(/.*)?           u:object_r:apk_tmp_file:s0
+/data/app/[^/]+/oat(/.*)?                u:object_r:dalvikcache_data_file:s0
+/data/app/vmdl[^/]+\.tmp(/.*)?           u:object_r:apk_tmp_file:s0
+/data/app/vmdl[^/]+\.tmp/oat(/.*)?           u:object_r:dalvikcache_data_file:s0
 /data/app-private(/.*)?               u:object_r:apk_private_data_file:s0
 /data/app-private/vmdl.*\.tmp(/.*)?   u:object_r:apk_private_tmp_file:s0
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0

diff --git a/installd.te b/installd.te
index 46e6b81..2187a15 100644
--- a/installd.te
+++ b/installd.te

@@ -5,11 +5,13 @@
 init_daemon_domain(installd)
 typeattribute installd mlstrustedsubject;
 allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
-allow installd apk_data_file:file rename;
-allow installd apk_data_file:dir create_dir_perms;
+allow installd apk_data_file:file { rename unlink };
+allow installd dalvikcache_data_file:dir relabelto;
+allow installd apk_data_file:dir { create_dir_perms relabelfrom };
 allow installd apk_data_file:lnk_file { create read unlink };
 allow installd asec_apk_file:file r_file_perms;
-allow installd apk_tmp_file:file r_file_perms;
+allow installd apk_tmp_file:file { r_file_perms unlink };
+allow installd apk_tmp_file:dir { relabelfrom create_dir_perms };
 allow installd oemfs:dir r_dir_perms;
 allow installd oemfs:file r_file_perms;
 allow installd system_file:file x_file_perms;