Add support for RS vendor executables. /vendor/bin/bcc being a dependency of renderscript should be labeled as same_process_hal_file. To facilitate that we relax neverallow rules for executing same_process_hal_file from coredomain. See details on /vendor/bin/bcc: https://source.android.com/devices/architecture/vndk/renderscript Bug: n/a Test: build-time change Change-Id: Ie996fb863090bf08b3d3ef653da827d0b22937d7

commit: dd253e9019ec3ab4700550cf2491aa1cbdc4e8c9 [log] [tgz]
author: Tri Vo <trong@google.com> Mon Aug 06 16:25:36 2018 -0700
committer: Tri Vo <trong@google.com> Tue Aug 07 23:05:08 2018 +0000
tree: 308ab00810f9cbdbaffcc0338096098d3ec7f9db
parent: bd3e300a1309323e02c7144202acb48f40f11946 [diff]
diff --git a/public/domain.te b/public/domain.te
index a049094..f9923ed 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -1036,7 +1036,10 @@
       coredomain
       -shell
       -system_executes_vendor_violators
-    } vendor_file_type:file execute_no_trans;
+    } {
+      vendor_file_type
+      -same_process_hal_file
+    }:file execute_no_trans;
 ')
 
 # Only authorized processes should be writing to files in /data/dalvik-cache
commit	dd253e9019ec3ab4700550cf2491aa1cbdc4e8c9	[log] [tgz]
author	Tri Vo <trong@google.com>	Mon Aug 06 16:25:36 2018 -0700
committer	Tri Vo <trong@google.com>	Tue Aug 07 23:05:08 2018 +0000
tree	308ab00810f9cbdbaffcc0338096098d3ec7f9db
parent	bd3e300a1309323e02c7144202acb48f40f11946 [diff]