From f7ccfd003c07cf14159740748ab8aedfdeebc6b8 Mon Sep 17 00:00:00 2001
From: Igor Murashkin <iam@google.com>
Date: Fri, 24 Oct 2014 14:22:12 -0700
Subject: [PATCH] zygote/dex2oat: Grant additional symlink permissions

* zygote needs to be able to symlink from dalvik cache to system
  to avoid having to copy boot.oat
  (when the boot.oat file was built with --compile-pic)
* dex2oat needs to be able to read the symlink in the dalvik cache
  (the one that zygote creates)

(cherry-picked from AOSP master
83c5612e69fa05610baf4f4d237fe0995a79cde5)

Bug: 18035729
Change-Id: Ie1acad81a0fd8b2f24e1f3f07a06e6fdb548be62
---
 dex2oat.te | 2 ++
 zygote.te  | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/dex2oat.te b/dex2oat.te
index 2df9947dd..5fded3670 100644
--- a/dex2oat.te
+++ b/dex2oat.te
@@ -3,6 +3,8 @@ type dex2oat, domain;
 type dex2oat_exec, exec_type, file_type;
 
 allow dex2oat dalvikcache_data_file:file write;
+# Read symlinks in /data/dalvik-cache
+allow dex2oat dalvikcache_data_file:lnk_file read;
 allow dex2oat installd:fd use;
 
 # Read already open asec_apk_file file descriptors passed by installd.
diff --git a/zygote.te b/zygote.te
index 4c6276c8c..adbea06da 100644
--- a/zygote.te
+++ b/zygote.te
@@ -24,6 +24,8 @@ allow zygote system_data_file:file r_file_perms;
 # Write to /data/dalvik-cache.
 allow zygote dalvikcache_data_file:dir create_dir_perms;
 allow zygote dalvikcache_data_file:file create_file_perms;
+# Create symlinks in /data/dalvik-cache
+allow zygote dalvikcache_data_file:lnk_file create_file_perms;
 # Write to /data/resource-cache
 allow zygote resourcecache_data_file:dir rw_dir_perms;
 allow zygote resourcecache_data_file:file create_file_perms;
-- 
GitLab