Enable odrefresh to work with composd.

composd spawns odrefresh in its usual domain. odrefresh then spawns
fd_server in a different domain, and makes binder calls back to
composd to perform individual compilation steps.

fd_server is fairly generic, and part of the virt APEX, but this
instance is specific to composd (e.g. it has access to ART files), so
I named the domain composd_fd_server.

Bug: 186126194
Test: Run composd_cmd, artifacts generated
Change-Id: I5a431dd00b5b396a67021c618fc6edcfb25aa21b
diff --git a/private/odrefresh.te b/private/odrefresh.te
index 811b7cf..c6ab7bb 100644
--- a/private/odrefresh.te
+++ b/private/odrefresh.te
@@ -49,9 +49,20 @@
 # odrefesh.
 allow odrefresh composd:fd use;
 
-# Run system binaries, e.g. pvm_exec, in the same domain
+# Run binaries from the CompOS APEX in the same domain
 allow odrefresh system_file:file execute_no_trans;
 
+# Make binder calls back to composd
+binder_use(odrefresh)
+allow odrefresh compos_service:service_manager find;
+binder_call(odrefresh, composd)
+
+# Run fd_server in its own domain
+domain_auto_trans(odrefresh, fd_server_exec, compos_fd_server)
+
+# And kill it via SIGTERM
+allow odrefresh compos_fd_server:process signal;
+
 # Do not audit unused resources from parent processes (adb, shell, su).
 # These appear to be unnecessary for odrefresh.
 dontaudit odrefresh { adbd shell }:fd use;
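Review bot: The reworded comment above `allow odrefresh system_file:file execute_no_trans;` says the rule is for binaries from the CompOS APEX, but the rule is unchanged and still lets odrefresh run any file labelled system_file in its own domain. Either word the comment to match what is actually granted, or give the CompOS binaries their own exec type and allow execute_no_trans on that type only. Separately, the new `domain_auto_trans(odrefresh, fd_server_exec, compos_fd_server)` and the signal rule use compos_fd_server, while the commit message calls the domain composd_fd_server, so one of the two should be corrected to agree. The type compos_fd_server is also not declared in this file, so its definition needs to be part of the same change for the policy to build.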