place dex2oat auditallow statements in userdebug_or_eng blocks

By convention, auditallow statements are always placed in userdebug_or_eng() blocks. This ensures that we don't inadvertently ship audit rules on production devices, which could result in device logspam, and in pathological situations, impact device performance (generating audit messages is much more expensive than a standard SELinux check). Bug: 117606664 Test: policy compiles. Change-Id: I681ed73c83683e8fdbef9cf662488115f6e7a490

place dex2oat auditallow statements in userdebug_or_eng blocks
By convention, auditallow statements are always placed in userdebug_or_eng() blocks. This ensures that we don't inadvertently ship audit rules on production devices, which could result in device logspam, and in pathological situations, impact device performance (generating audit messages is much more expensive than a standard SELinux check). Bug: 117606664 Test: policy compiles. Change-Id: I681ed73c83683e8fdbef9cf662488115f6e7a490
cfe1baea · Nick Kralevich · c7be91d5 · cfe1baea · cfe1baea
Commit cfe1baea authored 6 years ago by Nick Kralevich
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -53,5 +53,4 @@ allow untrusted_app_25 app_data_file:file execute_no_trans;
 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.
 allow untrusted_app_25 dex2oat_exec:file rx_file_perms;
-auditallow untrusted_app_25 dex2oat_exec:file rx_file_perms;
+userdebug_or_eng(`auditallow untrusted_app_25 dex2oat_exec:file rx_file_perms;')
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -34,5 +34,4 @@ allow untrusted_app_27 app_data_file:file execute_no_trans;
 # The ability to invoke dex2oat. Historically required by ART, now only
 # allowed for targetApi<=28 for compat reasons.
 allow untrusted_app_27 dex2oat_exec:file rx_file_perms;
-auditallow untrusted_app_27 dex2oat_exec:file rx_file_perms;
+userdebug_or_eng(`auditallow untrusted_app_27 dex2oat_exec:file rx_file_perms;')