From 33ebdda80fe109dd07e671a6514880d5680a6c35 Mon Sep 17 00:00:00 2001
From: Vishwath Mohan <vishwath@google.com>
Date: Wed, 29 Mar 2017 23:03:33 -0700
Subject: [PATCH] Refactor sanitized library on-disk layout - SELinux.

This CL changes the policy for ASAN files on-disk to support the
changes made by the following CLs -
https://android-review.googlesource.com/#/c/359087/
https://android-review.googlesource.com/#/c/359389/

which refactor the on-disk layout of sanitized libraries in the following
manner -
/data/lib* --> /data/asan/system/lib*
/data/vendor/* --> /data/asan/vendor/*

There are a couple of advantages to this, including better isolation
from other components, and more transparent linker renaming and
SELinux policies.

Bug: 36574794
Bug: 36674745
Test: m -j40 && SANITIZE_TARGET="address" m -j40 and the device
boots. All sanitized libraries are correctly located in /data/asan/*,
and have the right SELinux permissions.

Change-Id: Ib08e360cecc8d77754a768a9af0f7db35d6921a9
---
 private/file_contexts_asan | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/private/file_contexts_asan b/private/file_contexts_asan
index 5813d3264..5e756fc79 100644
--- a/private/file_contexts_asan
+++ b/private/file_contexts_asan
@@ -1,4 +1,4 @@
-/data/lib(/.*)?                u:object_r:system_file:s0
-/data/lib64(/.*)?              u:object_r:system_file:s0
-/data/vendor/lib(/.*)?         u:object_r:system_file:s0
-/data/vendor/lib64(/.*)?       u:object_r:system_file:s0
+/data/asan/system/lib(/.*)?                u:object_r:system_file:s0
+/data/asan/system/lib64(/.*)?              u:object_r:system_file:s0
+/data/asan/vendor/lib(/.*)?                u:object_r:system_file:s0
+/data/asan/vendor/lib64(/.*)?              u:object_r:system_file:s0
-- 
GitLab