commit c871c1cc75372ada9821589aa414702bb74db46e
author Jiakai Zhang <jiakaiz@google.com> Tue Jul 19 21:29:31 2022 +0100
committer Jiakai Zhang <jiakaiz@google.com> Fri Jul 29 14:07:52 2022 +0000
tree 090072fc8a63a6f385fe4a68127fd866d6e30a18
parent 355ecc995e003add42eed28cc23342b22f8a81dd

Update SELinux policy for app compilation CUJ.

- Adapt installd rules for app compilation.

- Add profman rules for checking the profile before compilation. This is new behavior compared to installd.

Bug: 229268202
Test: -
  1. adb shell pm art optimize-package -m speed-profile -f \
       com.google.android.youtube
  2. See no SELinux denial.
Change-Id: Idfe1ccdb1b27fd275fdf912bc8d005551f89d4fc

apex/com.android.art-file_contexts

diff --git a/apex/com.android.art-file_contexts b/apex/com.android.art-file_contexts
index 2533cac..fd4e731 100644
--- a/apex/com.android.art-file_contexts
+++ b/apex/com.android.art-file_contexts
@@ -2,6 +2,7 @@
 # System files
 #
 (/.*)?                   u:object_r:system_file:s0
+/bin/art_exec            u:object_r:art_exec_exec:s0
 /bin/artd                u:object_r:artd_exec:s0
 /bin/dex2oat(32|64)?     u:object_r:dex2oat_exec:s0
 /bin/dexoptanalyzer      u:object_r:dexoptanalyzer_exec:s0

apex/com.android.art.debug-file_contexts

diff --git a/apex/com.android.art.debug-file_contexts b/apex/com.android.art.debug-file_contexts
index a0e9ea0..fa04b2f 100644
--- a/apex/com.android.art.debug-file_contexts
+++ b/apex/com.android.art.debug-file_contexts
@@ -2,6 +2,7 @@
 # System files
 #
 (/.*)?                         u:object_r:system_file:s0
+/bin/art_exec                  u:object_r:art_exec_exec:s0
 /bin/dex2oat(d)?(32|64)?       u:object_r:dex2oat_exec:s0
 /bin/dexoptanalyzer(d)?        u:object_r:dexoptanalyzer_exec:s0
 /bin/odrefresh                 u:object_r:odrefresh_exec:s0