sepolicy: policies for iorap.inode2filename binary transitions are as follows: iorapd (fork/exec) -> iorap.cmd.compiler (fork/exec) -> iorap.inode2filename Bug: 117840092 Test: adb shell cmd jobscheduler run -f android 28367305 Change-Id: I4249fcd37d2c8cbdd0ae1a0505983cce9c7fa7c6

commit: e39f8d23ede078a10653da7ef78c3c3ec5e591cf [log] [tgz]
author: Igor Murashkin <iam@google.com> Wed Feb 12 16:28:19 2020 -0800
committer: Igor Murashkin <iam@google.com> Thu Feb 20 16:38:17 2020 -0800
tree: b47405f28066a8602a220f53e80392ba84830bc1
parent: b8c108e15f2523c6bb936b7e434a80efac6a9234 [diff] [blame]
diff --git a/private/iorap_inode2filename.te b/private/iorap_inode2filename.te
new file mode 100644
index 0000000..96b7bc2
--- /dev/null
+++ b/private/iorap_inode2filename.te

@@ -0,0 +1,9 @@
+typeattribute iorap_inode2filename coredomain;
+
+# Grant access to open most of the files under /
+allow iorap_inode2filename dalvikcache_data_file:dir { getattr open read search };
+allow iorap_inode2filename dalvikcache_data_file:file { getattr };
+allow iorap_inode2filename dex2oat_exec:lnk_file { getattr open read };
+allow iorap_inode2filename dexoptanalyzer_exec:file { getattr };
+allow iorap_inode2filename storaged_data_file:dir { getattr open read search };
+allow iorap_inode2filename storaged_data_file:file { getattr };
commit	e39f8d23ede078a10653da7ef78c3c3ec5e591cf	[log] [tgz]
author	Igor Murashkin <iam@google.com>	Wed Feb 12 16:28:19 2020 -0800
committer	Igor Murashkin <iam@google.com>	Thu Feb 20 16:38:17 2020 -0800
tree	b47405f28066a8602a220f53e80392ba84830bc1
parent	b8c108e15f2523c6bb936b7e434a80efac6a9234 [diff] [blame]