| Alan Stokes | 72cac09 | 2021-07-21 12:13:19 +0100 | [diff] [blame] | 1 | # dex2oat |
| 2 | type dex2oat, domain, coredomain; |
| 3 | type dex2oat_exec, system_file_type, exec_type, file_type; |
| 4 | |
| 5 | allow dex2oat tmpfs:file { read getattr map }; |
| Victor Hsieh | aa987aa | 2021-08-10 16:33:32 -0700 | [diff] [blame] | 6 | |
| 7 | # Allow dex2oat to use FDs from authfs_service via compos. |
| 8 | allow dex2oat authfs_service:fd use; |
| 9 | allow dex2oat compos:fd use; |
| Victor Hsieh | f97cc1f | 2021-11-30 14:43:47 -0800 | [diff] [blame^] | 10 | allow dex2oat odrefresh:fd use; |
| Victor Hsieh | aa987aa | 2021-08-10 16:33:32 -0700 | [diff] [blame] | 11 | |
| 12 | # Allow dex2oat to read/write FDs on authfs_fuse filesystem. |
| Victor Hsieh | dedb490 | 2021-08-19 13:59:37 -0700 | [diff] [blame] | 13 | allow dex2oat authfs_fuse:file { read write getattr map }; |
| Victor Hsieh | aa987aa | 2021-08-10 16:33:32 -0700 | [diff] [blame] | 14 | |
| 15 | # Minijail uses pipe for the parent process to signal the child (as a fallback |
| 16 | # mechanism, since Android does not support minijail's preload). |
| 17 | # TODO(196109647): We can probably remove this once the minijail preload is |
| 18 | # supported on Android. |
| 19 | allow dex2oat compos:fifo_file read; |
| 20 | |
| 21 | # Allow acquiring advisory lock on /system/framework/<arch>/* |
| 22 | allow dex2oat system_file:file lock; |
| 23 | |
| 24 | # Allow dex2oat to read /apex/apex-info-list.xml |
| 25 | allow dex2oat apex_info_file:file r_file_perms; |