# A wrapper program that configures the process and executes a command.
#
# `art_exec` is the process domain for the wrapper; it carries the `domain` and
# `coredomain` attributes.
type art_exec, domain, coredomain;
# `art_exec_exec` is the file label of the wrapper's executable (a system file
# that is also an exec_type).
type art_exec_exec, system_file_type, exec_type, file_type;

# Usually, this program is executed in the caller's domain. For example, it is
# executed in the `artd` domain when artd calls it. Domain transition will take
# place as soon as it executes other programs.
# The only exception is when called by init. In this case, it's executed in its
# own domain because init should never execute a program without changing to
# another domain.
# NOTE(review): as a consequence, the `allow` rules below (source type
# `art_exec`) apply only to the init-launched case; when another domain runs the
# wrapper without transitioning, that caller's own policy governs it. Keep this
# domain minimal: anything granted here is held by the wrapper until it
# transitions.
init_daemon_domain(art_exec)

# init calls this program to execute artd in a chroot environment for Pre-reboot
# Dexopt.
# Executing a file labeled `artd_exec` from the `art_exec` domain moves the
# process into the `artd` domain automatically, so the wrapper's permissions are
# not carried into artd.
domain_auto_trans(art_exec, artd_exec, artd)

# "sys_chroot" is for chroot'ing into the chroot environment, created by
# dexopt_chroot_setup.
# This is the only capability granted to the domain in this file.
# NOTE(review): chroot on its own is not a confinement boundary; confinement of
# the executed command presumably comes from the `artd` domain entered via the
# transition above -- confirm against artd's policy.
# NOTE(review): `global_capability_class_set` presumably expands to the
# capability classes defined in the global policy macros -- confirm.
allow art_exec self:global_capability_class_set sys_chroot;

# Allow finding artd in the chroot dir for Pre-reboot Dexopt.
# Only `search` on directories is granted: the wrapper can traverse the path to
# reach artd, but this rule gives it no permission to list directory contents or
# to read or write files labeled `pre_reboot_dexopt_file`.
allow art_exec pre_reboot_dexopt_file:dir search;