Something went wrong on our end
-
Andreas Gampe authoredGive mount & chroot permissions to otapreopt_chroot related to postinstall. Add postinstall_dexopt for otapreopt in the B partition. Allow the things installd can do for dexopt. Give a few more rights to dex2oat for postinstall files. Allow postinstall files to call the system server. Bug: 25612095 Change-Id: If7407473d50c9414668ff6ef869c2aadd14264e7
Andreas Gampe authoredGive mount & chroot permissions to otapreopt_chroot related to postinstall. Add postinstall_dexopt for otapreopt in the B partition. Allow the things installd can do for dexopt. Give a few more rights to dex2oat for postinstall files. Allow postinstall files to call the system server. Bug: 25612095 Change-Id: If7407473d50c9414668ff6ef869c2aadd14264e7
otapreopt_chroot.te 600 B
# otapreopt_chroot executable
type otapreopt_chroot, domain;
type otapreopt_chroot_exec, exec_type, file_type;
# Chroot preparation and execution.
# We need to create an unshared mount namespace, and then mount /data.
allow otapreopt_chroot postinstall_file:dir { search mounton };
allow otapreopt_chroot self:capability { sys_admin sys_chroot };
# Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.
domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)
# Allow otapreopt to use file descriptors from installd.
allow otapreopt_chroot installd:fd use;