From 5377be6563d8436b38d774fd8fe415d512b86fe7 Mon Sep 17 00:00:00 2001
From: Jaesoo Lee <jaesoo@google.com>
Date: Fri, 7 Apr 2017 17:50:30 +0900
Subject: [PATCH] allow access to vendor_framework_file to dex2oat and
 appdomain

We should give appdomain the access to the /vendor/framework directory
since the jar in the directory is not dexopt-ed.AFAIK, jars which are
not in the bootclasspath are not dexopt-ed by default.

Bug: b/37129319
Test: built and confirmed that embms.apk not crashed

Change-Id: Ic2b1eef472f2fba53e26403dde8ad9ede8105a03
---
 private/app.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/private/app.te b/private/app.te
index 73d772995..f7c060b61 100644
--- a/private/app.te
+++ b/private/app.te
@@ -101,6 +101,10 @@ r_dir_file({ appdomain -ephemeral_app -untrusted_v2_app }, vendor_app_file)
 # Allow apps access to /vendor/overlay
 r_dir_file(appdomain, vendor_overlay_file)
 
+# Allow apps access to /vendor/framework
+# for vendor provided libraries.
+r_dir_file(appdomain, vendor_framework_file)
+
 # Execute dex2oat when apps call dexclassloader
 allow appdomain dex2oat_exec:file rx_file_perms;
 
-- 
GitLab