satayev | afc9791 | 2021-03-19 11:08:49 +0000 | [diff] [blame] | 1 | |
| 2 | # Domain for derive_classpath: a coredomain with its own exec type; init_daemon_domain() sets up the transition into this domain when init executes derive_classpath_exec. |
| 3 | type derive_classpath, domain, coredomain; |
| 4 | type derive_classpath_exec, system_file_type, exec_type, file_type; |
| 5 | init_daemon_domain(derive_classpath) |
| 6 | |
Artur Satayev | 4c6d308 | 2021-03-29 15:39:33 +0100 | [diff] [blame] | 7 | # Read /apex: directory read access only (r_dir_perms) on the APEX mount dir and on vendor APEX metadata dirs; no file permissions are granted by these two rules. |
| 8 | allow derive_classpath apex_mnt_dir:dir r_dir_perms; |
Jooyung Han | b6211b8 | 2023-05-31 17:51:14 +0900 | [diff] [blame] | 9 | allow derive_classpath vendor_apex_metadata_file:dir r_dir_perms; |
Artur Satayev | 4c6d308 | 2021-03-29 15:39:33 +0100 | [diff] [blame] | 10 | |
satayev | afc9791 | 2021-03-19 11:08:49 +0000 | [diff] [blame] | 11 | # Create /data/system/environ/classpath file: read/write on the environ_system_data_file directory and create_file_perms on files of that type. |
| 12 | allow derive_classpath environ_system_data_file:dir rw_dir_perms; |
| 13 | allow derive_classpath environ_system_data_file:file create_file_perms; |
| 14 | |
| 15 | # Workaround: b/183079517 fails on gphone targets otherwise. NOTE(review): 'unlabeled' matches any object with a missing or invalid label, so this is broader than a named type; it is limited to dir search and should be revisited once the bug is resolved. |
| 16 | allow derive_classpath unlabeled:dir search; |
Alex Light | 8393a05 | 2021-04-26 16:46:57 -0700 | [diff] [blame] | 17 | |
| 18 | # Allow derive_classpath to write the classpath into ota dexopt |
| 19 | # - Read the ota's apex dir (directory read access only) |
| 20 | allow derive_classpath postinstall_apex_mnt_dir:dir r_dir_perms; |
| 21 | # - Report the BCP (boot classpath) to the ota's dexopt: use fds from postinstall_dexopt, read its files/symlinks, and read/write its tmpfs file |
| 22 | allow derive_classpath postinstall_dexopt:dir search; |
| 23 | allow derive_classpath postinstall_dexopt:fd use; |
| 24 | allow derive_classpath postinstall_dexopt:file read; |
| 25 | allow derive_classpath postinstall_dexopt:lnk_file read; |
| 26 | allow derive_classpath postinstall_dexopt_tmpfs:file rw_file_perms; |
Jiakai Zhang | 4acd073 | 2024-03-20 11:24:54 +0000 | [diff] [blame^] | 27 | |
| 28 | # Allow derive_classpath to use file descriptors owned by artd, so that artd can invoke it during Pre-reboot Dexopt. |
| 29 | allow derive_classpath artd:fd use; |
| 30 | |
| 31 | # Allow writing to Pre-reboot Dexopt temp files. Only open/read/write are granted (no create or unlink), so presumably the files are created by another domain such as artd - confirm against the artd policy. |
| 32 | allow derive_classpath pre_reboot_dexopt_artd_file:file { open read write }; |