1# dexoptanalyzer
2type dexoptanalyzer, domain, coredomain, mlstrustedsubject;
3type dexoptanalyzer_exec, exec_type, file_type;
4
5# Reading an APK opens a ZipArchive, which unpack to tmpfs.
6# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
7# own label, which differs from other labels created by other processes.
8# This allows to distinguish in policy files created by dexoptanalyzer vs other
9#processes.
10tmpfs_domain(dexoptanalyzer)
11
12# Read symlinks in /data/dalvik-cache. This is required for PIC mode boot
13# app_data_file the oat file is symlinked to the original file in /system.
14allow dexoptanalyzer dalvikcache_data_file:dir { getattr search };
15allow dexoptanalyzer dalvikcache_data_file:file r_file_perms;
16allow dexoptanalyzer dalvikcache_data_file:lnk_file read;
17
18allow dexoptanalyzer installd:fd use;
19
20# Allow reading secondary dex files that were reported by the app to the
21# package manager.
22allow dexoptanalyzer app_data_file:dir { getattr search };
23allow dexoptanalyzer app_data_file:file r_file_perms;
24# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
25# "dontaudit...audit_access" policy line to suppress the audit access without
26# suppressing denial on actual access.
27dontaudit dexoptanalyzer app_data_file:dir audit_access;
28
29# Allow testing /data/user/0 which symlinks to /data/data
30allow dexoptanalyzer system_data_file:lnk_file { getattr };
31