From b87a4b16d2d9b110047e24edeeb2528bcffd0574 Mon Sep 17 00:00:00 2001
From: Fyodor Kupolov <fkupolov@google.com>
Date: Tue, 3 Mar 2015 18:19:12 -0800
Subject: [PATCH] Support for storing OAT files in app directory

oat dir inside apk_tmp_file should be labeled as dalvikcache_data_file.

Bug: 19550105
Change-Id: Ie928b5f47bfc42167bf86fdf10d6913ef25d145d
---
 dex2oat.te    | 1 +
 file_contexts | 4 +++-
 installd.te   | 8 +++++---
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/dex2oat.te b/dex2oat.te
index f7de25d65..0eb3881e9 100644
--- a/dex2oat.te
+++ b/dex2oat.te
@@ -13,3 +13,4 @@ allow dex2oat installd:fd use;
 allow dex2oat asec_apk_file:file read;
 allow dex2oat unlabeled:file read;
 allow dex2oat oemfs:file read;
+allow dex2oat apk_tmp_file:file read;
diff --git a/file_contexts b/file_contexts
index e20638e38..45a3549c0 100644
--- a/file_contexts
+++ b/file_contexts
@@ -204,7 +204,9 @@
 /data/adb(/.*)?		u:object_r:adb_data_file:s0
 /data/anr(/.*)?		u:object_r:anr_data_file:s0
 /data/app(/.*)?                       u:object_r:apk_data_file:s0
-/data/app/vmdl.*\.tmp(/.*)?           u:object_r:apk_tmp_file:s0
+/data/app/[^/]+/oat(/.*)?                u:object_r:dalvikcache_data_file:s0
+/data/app/vmdl[^/]+\.tmp(/.*)?           u:object_r:apk_tmp_file:s0
+/data/app/vmdl[^/]+\.tmp/oat(/.*)?           u:object_r:dalvikcache_data_file:s0
 /data/app-private(/.*)?               u:object_r:apk_private_data_file:s0
 /data/app-private/vmdl.*\.tmp(/.*)?   u:object_r:apk_private_tmp_file:s0
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
diff --git a/installd.te b/installd.te
index 46e6b8112..2187a1568 100644
--- a/installd.te
+++ b/installd.te
@@ -5,11 +5,13 @@ type installd_exec, exec_type, file_type;
 init_daemon_domain(installd)
 typeattribute installd mlstrustedsubject;
 allow installd self:capability { chown dac_override fowner fsetid setgid setuid };
-allow installd apk_data_file:file rename;
-allow installd apk_data_file:dir create_dir_perms;
+allow installd apk_data_file:file { rename unlink };
+allow installd dalvikcache_data_file:dir relabelto;
+allow installd apk_data_file:dir { create_dir_perms relabelfrom };
 allow installd apk_data_file:lnk_file { create read unlink };
 allow installd asec_apk_file:file r_file_perms;
-allow installd apk_tmp_file:file r_file_perms;
+allow installd apk_tmp_file:file { r_file_perms unlink };
+allow installd apk_tmp_file:dir { relabelfrom create_dir_perms };
 allow installd oemfs:dir r_dir_perms;
 allow installd oemfs:file r_file_perms;
 allow installd system_file:file x_file_perms;
-- 
GitLab