dontaudit denial on the odex file of location provider. Bug: 194054685 Test: Presubmits Change-Id: Ia636f7b32251c3b8cb018fee9216e5968d4e95ff

commit: bf581006855285801a58ff1dab324dda68640403 [log] [tgz]
author: Jiakai Zhang <jiakaiz@google.com> Wed Feb 16 14:11:14 2022 +0000
committer: Jiakai Zhang <jiakaiz@google.com> Wed Feb 16 14:12:49 2022 +0000
tree: 9966efe0f420f8b120d48f0c76b811d03e5b9ed4
parent: cb1e4682c8ef917c1c37b69722029d2b38235a29 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index fa66ff1..682be60 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -76,6 +76,12 @@
 allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;
 allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms;
 
+# Ignore the denial on `system@framework@com.android.location.provider.jar@classes.odex`.
+# `com.android.location.provider.jar` happens to be both a jar on system server classpath and a
+# shared library used by a system server app. The odex file is loaded fine by Zygote when it forks
+# system_server. It fails to be loaded when the jar is used as a shared library, which is expected.
+dontaudit system_server apex_art_data_file:file execute;
+
 # For release odex/vdex compress blocks
 allowxperm system_server dalvikcache_data_file:file ioctl {
   F2FS_IOC_RELEASE_COMPRESS_BLOCKS
commit	bf581006855285801a58ff1dab324dda68640403	[log] [tgz]
author	Jiakai Zhang <jiakaiz@google.com>	Wed Feb 16 14:11:14 2022 +0000
committer	Jiakai Zhang <jiakaiz@google.com>	Wed Feb 16 14:12:49 2022 +0000
tree	9966efe0f420f8b120d48f0c76b811d03e5b9ed4
parent	cb1e4682c8ef917c1c37b69722029d2b38235a29 [diff] [blame]