Allow system server to lock system files. ART generically locks profile files, and this avoids special casing the ART code for read-only partitions. An example on how ART does it: https://android-review.googlesource.com/c/platform/art/+/958222/3/runtime/jit/jit.cc#731 Bug: 119800099 Test: system server locking a system file, no denial Change-Id: I4339f19af999d43e07995ddb77478a2384bbe209

commit: db3fde05b507a9c425d4a8539292a005d82a81c1 [log] [tgz]
author: Nicolas Geoffray <ngeoffray@google.com> Fri May 10 02:44:47 2019 +0100
committer: Nicolas Geoffray <ngeoffray@google.com> Fri May 10 03:00:18 2019 +0100
tree: 1041a49c939d799aedaff77dffd33096bd587caf
parent: 5a883148a0a0be3d5ceff5703f71b6e323ae24a4 [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 29ef906..4bf8f8e 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -648,6 +648,9 @@
 allow system_server system_file:dir r_dir_perms;
 allow system_server system_file:lnk_file r_file_perms;
 
+# ART locks profile files.
+allow system_server system_file:file lock;
+
 # LocationManager(e.g, GPS) needs to read and write
 # to uart driver and ctrl proc entry
 allow system_server gps_control:file rw_file_perms;
commit	db3fde05b507a9c425d4a8539292a005d82a81c1	[log] [tgz]
author	Nicolas Geoffray <ngeoffray@google.com>	Fri May 10 02:44:47 2019 +0100
committer	Nicolas Geoffray <ngeoffray@google.com>	Fri May 10 03:00:18 2019 +0100
tree	1041a49c939d799aedaff77dffd33096bd587caf
parent	5a883148a0a0be3d5ceff5703f71b6e323ae24a4 [diff] [blame]