From adbabeebb2a931c6992ab80ef71e1e63afbd3e78 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Wed, 26 Nov 2014 11:46:06 -0800 Subject: [PATCH] Allow dex2oat to work on /oem APKs Dex2oat needs the ability to read from already open file descriptors in /oem so that apps from that location can be installed. Allow it. Addresses the following denials: avc: denied { read } for comm="dex2oat" path="/oem/app/TabletInfo.apk" dev="mmcblk0p12" ino=20 scontext=u:r:dex2oat:s0 tcontext=u:object_r:oemfs:s0 tclass=file permissive=0 avc: denied { read } for comm="dex2oat" path="/oem/app/AskMe_android_one.apk" dev="mmcblk0p12" ino=14 scontext=u:r:dex2oat:s0 tcontext=u:object_r:oemfs:s0 tclass=file permissive=0 avc: denied { read } for comm="dex2oat" path="/oem/app/PartnerRegulatoryInfo.apk" dev="mmcblk0p12" ino=19 scontext=u:r:dex2oat:s0 tcontext=u:object_r:oemfs:s0 tclass=file permissive=0 avc: denied { read } for comm="dex2oat" path="/oem/app/PartnerLauncherProvider.apk" dev="mmcblk0p12" ino=18 scontext=u:r:dex2oat:s0 tcontext=u:object_r:oemfs:s0 tclass=file permissive=0 avc: denied { read } for comm="dex2oat" path="/oem/app/Amazon_Mobile_com.apk" dev="mmcblk0p12" ino=13 scontext=u:r:dex2oat:s0 tcontext=u:object_r:oemfs:s0 tclass=file permissive=0 avc: denied { read } for comm="dex2oat" path="/oem/app/PartnerBookmarksProvider.apk" dev="mmcblk0p12" ino=17 scontext=u:r:dex2oat:s0 tcontext=u:object_r:oemfs:s0 tclass=file permissive=0 avc: denied { read } for comm="dex2oat" path="/oem/app/Hike.apk" dev="mmcblk0p12" ino=15 scontext=u:r:dex2oat:s0 tcontext=u:object_r:oemfs:s0 tclass=file permissive=0 avc: denied { read } for comm="dex2oat" path="/oem/app/MiLive_embedded_IndiaGames_version4.0_android1.apk" dev="mmcblk0p12" ino=16 scontext=u:r:dex2oat:s0 tcontext=u:object_r:oemfs:s0 tclass=file permissive=0 Bug: 18539205 Change-Id: I92bd91c66befc5a1060dd189324b2c046bba0258 --- dex2oat.te | 1 + 1 file changed, 1 insertion(+) diff --git a/dex2oat.te b/dex2oat.te index 5fded367..f7de25d6 100644 --- a/dex2oat.te +++ b/dex2oat.te @@ -12,3 +12,4 @@ allow dex2oat installd:fd use; # locked APKs. allow dex2oat asec_apk_file:file read; allow dex2oat unlabeled:file read; +allow dex2oat oemfs:file read;