| Andreas Gampe | 82071b6 | 2017-03-21 19:39:01 -0700 | [diff] [blame] | 1 | # type_transition must be private policy the domain_trans rules could stay |
| 2 | # public, but conceptually should go with this |
| 3 | # Technically not a daemon but we do want the transition from init domain to |
| 4 | # asan_extract to occur. |
| 5 | with_asan(` |
| Inseob Kim | 55e5c9b | 2020-03-04 17:20:35 +0900 | [diff] [blame] | 6 | typeattribute asan_extract coredomain; |
| 7 | init_daemon_domain(asan_extract) |
| 8 | |
| 9 | # We need to signal a reboot when done. |
| 10 | set_prop(asan_extract, powerctl_prop) |
| Inseob Kim | 75806ef | 2024-03-27 17:18:41 +0900 | [diff] [blame] | 11 | |
| 12 | # Allow asan_extract to execute itself using #!/system/bin/sh |
| 13 | allow asan_extract shell_exec:file rx_file_perms; |
| 14 | |
| 15 | # We execute log, rm, gzip and tar. |
| 16 | allow asan_extract toolbox_exec:file rx_file_perms; |
| 17 | allow asan_extract system_file:file execute_no_trans; |
| 18 | |
| 19 | # asan_extract deletes old /data/lib. |
| 20 | allow asan_extract system_file:dir { open read remove_name rmdir write }; |
| 21 | allow asan_extract system_file:file unlink; |
| 22 | |
| 23 | # asan_extract untars ASAN libraries into /data. |
| 24 | allow asan_extract system_data_file:dir create_dir_perms ; |
| 25 | allow asan_extract system_data_file:{ file lnk_file } create_file_perms ; |
| 26 | |
| 27 | # Relabel the libraries with restorecon. |
| 28 | allow asan_extract file_contexts_file:file r_file_perms; |
| 29 | allow asan_extract system_data_file:{ dir file } relabelfrom; |
| 30 | allow asan_extract system_file:dir { relabelto setattr }; |
| 31 | allow asan_extract system_file:file relabelto; |
| 32 | |
| 33 | # Restorecon will actually already try to run with sanitized libraries (libpackagelistparser). |
| 34 | allow asan_extract system_data_file:file execute; |
| Andreas Gampe | 82071b6 | 2017-03-21 19:39:01 -0700 | [diff] [blame] | 35 | ') |