From 2899434716e069231d67133927bed25c9e27bcbc Mon Sep 17 00:00:00 2001
From: Jorge Lucangeli Obes <jorgelo@google.com>
Date: Mon, 21 Nov 2016 11:54:19 -0500
Subject: [PATCH] Add WITH_DEXPREOPT_PIC to 'with_dexpreopt' SELinux macro.

|WITH_DEXPREOPT_PIC = false| will still cause code to be loaded from
/data.

Bug: 32970029
Test: On HiKey and Marlin:
Test: Add |WITH_DEXPREOPT_PIC = false|, see SELinux denial.
Test: Apply this CL, no SELinux denials.
Change-Id: I0a1d39eeb4d7f75d84c1908b879d9ea1ccffba74
---
 Android.mk       | 4 ++++
 public/te_macros | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/Android.mk b/Android.mk
index 6af3af912..3eddee824 100644
--- a/Android.mk
+++ b/Android.mk
@@ -140,6 +140,7 @@ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
 		-D target_build_variant=$(TARGET_BUILD_VARIANT) \
 		-D target_build_treble=$(ENABLE_TREBLE) \
 		-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
+		-D target_with_dexpreopt_pic=$(WITH_DEXPREOPT_PIC) \
 		-s $^ > $@
 	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
 
@@ -158,6 +159,7 @@ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
 		-D target_build_variant=$(TARGET_BUILD_VARIANT) \
 		-D target_build_treble=$(ENABLE_TREBLE) \
 		-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
+		-D target_with_dexpreopt_pic=$(WITH_DEXPREOPT_PIC) \
 		-D target_arch=$(LOCAL_TARGET_ARCH) \
 		-s $^ > $@
 	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
@@ -200,6 +202,7 @@ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY) $(BOARD_SEPOLICY_DIRS))
 		-D target_build_variant=$(TARGET_BUILD_VARIANT) \
 		-D target_build_treble=$(ENABLE_TREBLE) \
 		-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
+		-D target_with_dexpreopt_pic=$(WITH_DEXPREOPT_PIC) \
 		-D target_recovery=true \
 		-s $^ > $@
 
@@ -237,6 +240,7 @@ $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
 		-D target_build_variant=user \
 		-D target_build_treble=$(ENABLE_TREBLE) \
 		-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
+		-D target_with_dexpreopt_pic=$(WITH_DEXPREOPT_PIC) \
 		-s $^ > $@
 	$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
 
diff --git a/public/te_macros b/public/te_macros
index 9664b3196..a826e9683 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -290,9 +290,9 @@ define(`passthrough_hal', ifelse(target_build_treble, `', $1))
 
 #####################################
 # WITH_DEXPREOPT builds
-# SELinux rules which apply only when pre-opting.
+# SELinux rules which apply only when pre-opting with PIC.
 #
-define(`with_dexpreopt', ifelse(target_with_dexpreopt, `true', $1))
+define(`with_dexpreopt', ifelse(target_with_dexpreopt, `true', ifelse(target_with_dexpreopt_pic, `true', $1)))
 
 #####################################
 # write_logd(domain)
-- 
GitLab