v811_spc009/system/sepolicy/prebuilts/api/30.0/private/dexoptanalyzer.te

# dexoptanalyzer
type dexoptanalyzer, domain, coredomain, mlstrustedsubject;
type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
type dexoptanalyzer_tmpfs, file_type;

r_dir_file(dexoptanalyzer, apk_data_file)
# Access to /vendor/app
r_dir_file(dexoptanalyzer, vendor_app_file)

# Reading an APK opens a ZipArchive, which unpack to tmpfs.
# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
# own label, which differs from other labels created by other processes.
# This allows to distinguish in policy files created by dexoptanalyzer vs other
#processes.
tmpfs_domain(dexoptanalyzer)

# Read symlinks in /data/dalvik-cache. This is required for PIC mode boot
# app_data_file the oat file is symlinked to the original file in /system.
allow dexoptanalyzer dalvikcache_data_file:dir { getattr search };
allow dexoptanalyzer dalvikcache_data_file:file r_file_perms;
allow dexoptanalyzer dalvikcache_data_file:lnk_file read;

allow dexoptanalyzer installd:fd use;
allow dexoptanalyzer installd:fifo_file { getattr write };

# Acquire advisory lock on /system/framework/arm/*
allow dexoptanalyzer system_file:file lock;

# Allow reading secondary dex files that were reported by the app to the
# package manager.
allow dexoptanalyzer { privapp_data_file app_data_file }:dir { getattr search };
allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read map };
# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
# "dontaudit...audit_access" policy line to suppress the audit access without
# suppressing denial on actual access.
dontaudit dexoptanalyzer { privapp_data_file app_data_file }:dir audit_access;

# Allow testing /data/user/0 which symlinks to /data/data
allow dexoptanalyzer system_data_file:lnk_file { getattr };
v811_spc009_project 4 months ago			`# dexoptanalyzer`
			`type dexoptanalyzer, domain, coredomain, mlstrustedsubject;`
			`type dexoptanalyzer_exec, system_file_type, exec_type, file_type;`
			`type dexoptanalyzer_tmpfs, file_type;`

			`r_dir_file(dexoptanalyzer, apk_data_file)`
			`# Access to /vendor/app`
			`r_dir_file(dexoptanalyzer, vendor_app_file)`

			`# Reading an APK opens a ZipArchive, which unpack to tmpfs.`
			`# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their`
			`# own label, which differs from other labels created by other processes.`
			`# This allows to distinguish in policy files created by dexoptanalyzer vs other`
			`#processes.`
			`tmpfs_domain(dexoptanalyzer)`

			`# Read symlinks in /data/dalvik-cache. This is required for PIC mode boot`
			`# app_data_file the oat file is symlinked to the original file in /system.`
			`allow dexoptanalyzer dalvikcache_data_file:dir { getattr search };`
			`allow dexoptanalyzer dalvikcache_data_file:file r_file_perms;`
			`allow dexoptanalyzer dalvikcache_data_file:lnk_file read;`

			`allow dexoptanalyzer installd:fd use;`
			`allow dexoptanalyzer installd:fifo_file { getattr write };`

			`# Acquire advisory lock on /system/framework/arm/*`
			`allow dexoptanalyzer system_file:file lock;`

			`# Allow reading secondary dex files that were reported by the app to the`
			`# package manager.`
			`allow dexoptanalyzer { privapp_data_file app_data_file }:dir { getattr search };`
			`allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read map };`
			`# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the`
			`# "dontaudit...audit_access" policy line to suppress the audit access without`
			`# suppressing denial on actual access.`
			`dontaudit dexoptanalyzer { privapp_data_file app_data_file }:dir audit_access;`

			`# Allow testing /data/user/0 which symlinks to /data/data`
			`allow dexoptanalyzer system_data_file:lnk_file { getattr };`