Merge tag 'LA.QSSI.12.0.r1-06800-qssi.0' into sugisawa-mr1HEADsugisawa-mr1

"LA.QSSI.12.0.r1-06800-qssi.0"

Change-Id: I35dbb71151ce8b3bf68b425732a761532c638017

1 files changed, 25 insertions, 0 deletions

diff --git a/prebuilts/api/32.0/private/derive_classpath.te b/prebuilts/api/32.0/private/derive_classpath.te
new file mode 100644
index 000000000..2299ba092
--- /dev/null
+++ b/prebuilts/api/32.0/private/derive_classpath.te
@@ -0,0 +1,25 @@
+
+# Domain for derive_classpath
+type derive_classpath, domain, coredomain;
+type derive_classpath_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(derive_classpath)
+
+# Read /apex
+allow derive_classpath apex_mnt_dir:dir r_dir_perms;
+
+# Create /data/system/environ/classpath file
+allow derive_classpath environ_system_data_file:dir rw_dir_perms;
+allow derive_classpath environ_system_data_file:file create_file_perms;
+
+# b/183079517 fails on gphone targets otherwise
+allow derive_classpath unlabeled:dir search;
+
+# Allow derive_classpath to write the classpath into ota dexopt
+# - Read the ota's apex dir
+allow derive_classpath postinstall_apex_mnt_dir:dir r_dir_perms;
+# - Report the BCP to the ota's dexopt
+allow derive_classpath postinstall_dexopt:dir search;
+allow derive_classpath postinstall_dexopt:fd use;
+allow derive_classpath postinstall_dexopt:file read;
+allow derive_classpath postinstall_dexopt:lnk_file read;
+allow derive_classpath postinstall_dexopt_tmpfs:file rw_file_perms;