Commit ba8821b0 authored by Narayan Kamath's avatar Narayan Kamath Committed by Android (Google) Code Review

Merge changes from topic 'na-move-to-installd' into mnc-dev

* changes:
  Allow installd to link apk_data_file and dalvikcache_data_file.
  Revert "Allow system_server to link,relabel and create_dir dalvikcache_data_file."
parents 4b4b2b92 9aafd4a3
...@@ -356,10 +356,6 @@ neverallow { ...@@ -356,10 +356,6 @@ neverallow {
-zygote -zygote
-installd -installd
-dex2oat -dex2oat
-system_server # TODO: The system server needs to create directories
# and link files for split APK installs. This could perhaps be
# removed if we made installd responsible for manipulating the
# staging directory.
} dalvikcache_data_file:file no_w_file_perms; } dalvikcache_data_file:file no_w_file_perms;
# Only system_server should be able to send commands via the zygote socket # Only system_server should be able to send commands via the zygote socket
......
...@@ -8,11 +8,11 @@ allow installd self:capability { chown dac_override fowner fsetid setgid setuid ...@@ -8,11 +8,11 @@ allow installd self:capability { chown dac_override fowner fsetid setgid setuid
# Allow labeling of files under /data/app/com.example/oat/ # Allow labeling of files under /data/app/com.example/oat/
allow installd dalvikcache_data_file:dir relabelto; allow installd dalvikcache_data_file:dir relabelto;
allow installd dalvikcache_data_file:file relabelto; allow installd dalvikcache_data_file:file { relabelto link };
# Allow movement of APK files between volumes # Allow movement of APK files between volumes
allow installd apk_data_file:dir { create_dir_perms relabelfrom }; allow installd apk_data_file:dir { create_dir_perms relabelfrom };
allow installd apk_data_file:file { create_file_perms relabelfrom }; allow installd apk_data_file:file { create_file_perms relabelfrom link };
allow installd apk_data_file:lnk_file { create read unlink }; allow installd apk_data_file:lnk_file { create read unlink };
allow installd asec_apk_file:file r_file_perms; allow installd asec_apk_file:file r_file_perms;
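Review bot: The new `link` permission on `allow installd dalvikcache_data_file:file { relabelto link };` and `allow installd apk_data_file:file { create_file_perms relabelfrom link };` is undocumented: the comments above those rules only describe relabeling under /data/app/com.example/oat/ and moving APKs between volumes. The rationale that used to live in the system_server policy (linking existing APKs and compiled oat files during split APK installs) is deleted by this same change, so the reason for the grant is no longer recorded anywhere in policy. Since the hunk header shows installd also holds `dac_override`, the intended scope of its hard-link ability is worth stating for later audits. I would put `link` on its own allow line for each type under a comment such as `# Allow installd to hard-link existing APKs and oat files into the staging directory for split APK installs.`, with the wording confirmed against the installd change in this topic.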
......
...@@ -16,25 +16,6 @@ allow system_server system_server_tmpfs:file execute; ...@@ -16,25 +16,6 @@ allow system_server system_server_tmpfs:file execute;
allow system_server dalvikcache_data_file:file execute; allow system_server dalvikcache_data_file:file execute;
allow system_server dalvikcache_data_file:dir r_dir_perms; allow system_server dalvikcache_data_file:dir r_dir_perms;
# For PackageInstallerSession.
#
# All of these rules relate to the installation and compilation of split
# APKs. Roughly, the process is as follows. The rules below only pertain
# to step (3) of the process
#
# (1) Create a staging directory.
# (2) Link existing APKs from the split
#
# (3) Link existing compiled oat files : This requires "create_dir_perms"
# to create oat directories (foo/oat and foo/oat/x86), "relabelto" to
# make sure they have the right label, and "link" to link files.
#
# (3) Invoke dex2oat to compile the updated / new split
# (4) Rename the staging directory back to the final path.
allow system_server dalvikcache_data_file:file link;
allow system_server dalvikcache_data_file:dir relabelto;
allow system_server dalvikcache_data_file:dir create_dir_perms;
# /data/resource-cache # /data/resource-cache
allow system_server resourcecache_data_file:file r_file_perms; allow system_server resourcecache_data_file:file r_file_perms;
allow system_server resourcecache_data_file:dir r_dir_perms; allow system_server resourcecache_data_file:dir r_dir_perms;
......