system_server: Report dalvikcache_data_file execute violations.

With build/core eaa9d88cf, system_server should not be loading code from /data. Add an auditallow rule to report violations. Bug: 37214733 Test: Boot marlin, no SELinux audit lines for system_server. Change-Id: I2e25eb144503274025bd4fc9bb519555851f6521 (cherry picked from commit 665128fa)

system_server: Report dalvikcache_data_file execute violations.
With build/core eaa9d88cf, system_server should not be loading code from /data. Add an auditallow rule to report violations. Bug: 37214733 Test: Boot marlin, no SELinux audit lines for system_server. Change-Id: I2e25eb144503274025bd4fc9bb519555851f6521 (cherry picked from commit 665128fa)
62a1b236 · Jorge Lucangeli Obes · 976fb16b · 62a1b236
Commit 62a1b236 authored 7 years ago by Jorge Lucangeli Obes
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -18,6 +18,10 @@ allow system_server zygote_tmpfs:file read;
 # For art.
 allow system_server dalvikcache_data_file:dir r_dir_perms;
 allow system_server dalvikcache_data_file:file { r_file_perms execute };
+userdebug_or_eng(`
+  # Report dalvikcache_data_file:file execute violations.
+  auditallow system_server dalvikcache_data_file:file execute;
+')

 # /data/resource-cache
 allow system_server resourcecache_data_file:file r_file_perms;