| Alan Stokes | 72cac09 | 2021-07-21 12:13:19 +0100 | [diff] [blame] | 1 | # dex2oat |
| 2 | type dex2oat, domain, coredomain; |
| 3 | type dex2oat_exec, system_file_type, exec_type, file_type; |
| 4 | |
| 5 | allow dex2oat tmpfs:file { read getattr map }; |
| Victor Hsieh | aa987aa | 2021-08-10 16:33:32 -0700 | [diff] [blame] | 6 | |
| 7 | # Allow dex2oat to use FDs from authfs_service via compos. |
| 8 | allow dex2oat authfs_service:fd use; |
| 9 | allow dex2oat compos:fd use; |
| 10 | |
| 11 | # Allow dex2oat to read/write FDs on authfs_fuse filesystem. |
| Victor Hsieh | dedb490 | 2021-08-19 13:59:37 -0700 | [diff] [blame] | 12 | allow dex2oat authfs_fuse:file { read write getattr map }; |
| Victor Hsieh | aa987aa | 2021-08-10 16:33:32 -0700 | [diff] [blame] | 13 | |
| 14 | # Minijail uses pipe for the parent process to signal the child (as a fallback |
| 15 | # mechanism, since Android does not support minijail's preload). |
| 16 | # TODO(196109647): We can probably remove this once the minijail preload is |
| 17 | # supported on Android. |
| 18 | allow dex2oat compos:fifo_file read; |
| 19 | |
| 20 | # Allow acquiring advisory lock on /system/framework/<arch>/* |
| 21 | allow dex2oat system_file:file lock; |
| 22 | |
| 23 | # Allow dex2oat to read /apex/apex-info-list.xml |
| 24 | allow dex2oat apex_info_file:file r_file_perms; |