From 1103f963a7f2a23212e8ba8c6b5e9cc5f1f9bb26 Mon Sep 17 00:00:00 2001
From: Jeff Hao <jeffhao@google.com>
Date: Wed, 5 Apr 2017 15:49:05 -0700
Subject: [PATCH] Add dex2oat permissions to open and read the tmp apk.

The PackageManager now passes previous code paths to dex2oat as shared
libraries. dex2oat needs extra permissions in order to access and open
the oat files of these libraries (if they were compiled).

Part of a multi-project change.

Bug: 34169257
Test: cts-tradefed run singleCommand cts -d --module
CtsAppSecurityHostTestCases -t android.appsecurity.cts.SplitTests

Change-Id: I7b9cfd7f3c3509f3e41f0590ab650bd85faab340
---
 public/dex2oat.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/public/dex2oat.te b/public/dex2oat.te
index 2fb233649..4551e589c 100644
--- a/public/dex2oat.te
+++ b/public/dex2oat.te
@@ -27,7 +27,8 @@ allow dex2oat system_file:file lock;
 allow dex2oat asec_apk_file:file read;
 allow dex2oat unlabeled:file read;
 allow dex2oat oemfs:file read;
-allow dex2oat apk_tmp_file:file read;
+allow dex2oat apk_tmp_file:dir search;
+allow dex2oat apk_tmp_file:file r_file_perms;
 allow dex2oat user_profile_data_file:file { getattr read lock };
 
 # Allow dex2oat to compile app's secondary dex files which were reported back to
-- 
GitLab