| Jiakai Zhang | 817c49f | 2023-10-18 17:03:20 +0100 | [diff] [blame^] | 1 | type dexopt_chroot_setup, domain, coredomain; |
| 2 | type dexopt_chroot_setup_exec, system_file_type, exec_type, file_type; |
| 3 | type dexopt_chroot_setup_tmpfs, file_type; |
| 4 | |
| 5 | # Allow dexopt_chroot_setup to publish a binder service and make binder calls. |
| 6 | binder_use(dexopt_chroot_setup) |
| 7 | add_service(dexopt_chroot_setup, dexopt_chroot_setup_service) |
| 8 | allow dexopt_chroot_setup dumpstate:fifo_file { getattr write }; |
| 9 | allow dexopt_chroot_setup dumpstate:fd use; |
| 10 | |
| 11 | init_daemon_domain(dexopt_chroot_setup) |
| 12 | |
| 13 | # Use tmpfs_domain() which will give tmpfs files created by dexopt_chroot_setup their |
| 14 | # own label, which differs from other labels created by other processes. |
| 15 | # This allows to distinguish in policy files created by dexopt_chroot_setup vs other |
| 16 | # processes. |
| 17 | tmpfs_domain(dexopt_chroot_setup) |
| 18 | |
| 19 | # libart (mark_compact.cc) has some intialization code that touches the cache |
| 20 | # info file and userfaultfd. |
| 21 | allow dexopt_chroot_setup apex_module_data_file:dir { getattr search }; |
| 22 | r_dir_file(dexopt_chroot_setup, apex_art_data_file) |
| 23 | userfaultfd_use(dexopt_chroot_setup) |