Allow /data odex files to be already loaded when creating app zygotes.

Only allow odex files that don't have AOT or DEX code within.

Test: atest android.appsecurity.cts.UseEmbeddedDexTest
Bug: 179915231
Change-Id: I063c32ac6a9ffb36e908aa9861e275e35d7d23b6
diff --git a/runtime/oat_file_manager.cc b/runtime/oat_file_manager.cc
index 7a82899..74fe110 100644
--- a/runtime/oat_file_manager.cc
+++ b/runtime/oat_file_manager.cc
@@ -845,7 +845,14 @@
 
   for (const std::unique_ptr<const OatFile>& oat_file : oat_files_) {
     if (boot_set.find(oat_file.get()) == boot_set.end()) {
-      CHECK(LocationIsOnSystem(oat_file->GetLocation().c_str())) << oat_file->GetLocation();
+      if (!LocationIsOnSystem(oat_file->GetLocation().c_str())) {
+        // When the file is not on system, we check whether the oat file has any
+        // AOT or DEX code. It is a fatal error if it has.
+        if (CompilerFilter::IsAotCompilationEnabled(oat_file->GetCompilerFilter()) ||
+            oat_file->ContainsDexCode()) {
+          LOG(FATAL) << "Executing untrusted code from " << oat_file->GetLocation();
+        }
+      }
     }
   }
   only_use_system_oat_files_ = true;