1type dexopt_chroot_setup, domain, coredomain; 2type dexopt_chroot_setup_exec, system_file_type, exec_type, file_type; 3type dexopt_chroot_setup_tmpfs, file_type; 4 5# Allow dexopt_chroot_setup to publish a binder service and make binder calls. 6binder_use(dexopt_chroot_setup) 7add_service(dexopt_chroot_setup, dexopt_chroot_setup_service) 8allow dexopt_chroot_setup dumpstate:fifo_file { getattr write }; 9allow dexopt_chroot_setup dumpstate:fd use; 10 11init_daemon_domain(dexopt_chroot_setup) 12 13# Use tmpfs_domain() which will give tmpfs files created by dexopt_chroot_setup their 14# own label, which differs from other labels created by other processes. 15# This allows to distinguish in policy files created by dexopt_chroot_setup vs other 16# processes. 17tmpfs_domain(dexopt_chroot_setup) 18 19# libart (mark_compact.cc) has some intialization code that touches the cache 20# info file and userfaultfd. 21allow dexopt_chroot_setup apex_module_data_file:dir { getattr search }; 22r_dir_file(dexopt_chroot_setup, apex_art_data_file) 23userfaultfd_use(dexopt_chroot_setup) 24