1# otapreopt_slot 2# 3# This command set moves the artifact corresponding to the current slot 4# from /data/ota to /data/dalvik-cache. 5 6type otapreopt_slot, domain, mlstrustedsubject; 7type otapreopt_slot_exec, exec_type, file_type; 8 9 10# The otapreopt_slot renames the OTA dalvik-cache to the regular dalvik-cache, and cleans up 11# the directory afterwards. For logging of aggregate size, we need getattr. 12allow otapreopt_slot ota_data_file:dir { rw_dir_perms rename reparent rmdir }; 13allow otapreopt_slot ota_data_file:{ file lnk_file } getattr; 14# (du follows symlinks) 15allow otapreopt_slot ota_data_file:lnk_file read; 16 17# Delete old content of the dalvik-cache. 18allow otapreopt_slot dalvikcache_data_file:dir { add_name getattr open read remove_name rmdir search write }; 19allow otapreopt_slot dalvikcache_data_file:file { getattr unlink }; 20allow otapreopt_slot dalvikcache_data_file:lnk_file { getattr read unlink }; 21 22# Allow cppreopts to execute itself using #!/system/bin/sh 23allow otapreopt_slot shell_exec:file rx_file_perms; 24 25# Allow running the mv and rm/rmdir commands using otapreopt_slot permissions. 26# Needed so we can move artifacts into /data/dalvik-cache/dalvik-cache. 27allow otapreopt_slot toolbox_exec:file rx_file_perms; 28