Give heapprofd dac_read_search on userdebug.

This is needed because some oat dex files are generated without world
readable permissions. See the bug for details.

heapprofd is still constrained by its SELinux rules in private/heapprofd.te.

Bug: 129048073

Change-Id: I84e34f83ceb299ff16b29a78f16c620fc0aa5d68
diff --git a/private/domain.te b/private/domain.te
index 8431957..137d5f2 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -279,6 +279,7 @@
 neverallow ~{
   dac_override_allowed
   traced_probes
+  userdebug_or_eng(`heapprofd')
 } self:global_capability_class_set dac_read_search;
 
 # Limit what domains can mount filesystems or change their mount flags.
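Review bot: The added heapprofd entry in this neverallow exception list has no explanation in domain.te, so someone auditing the capability neverallows cannot tell why a profiler is exempt from the dac_read_search ban. Once the capability is granted, file mode bits no longer limit what heapprofd can read on userdebug/eng; only its type-enforcement rules do, so every read rule later added for heapprofd widens what it can actually open. I would add a comment above the neverallow, for example `# heapprofd (userdebug/eng only): reads dex files that are not world-readable, b/129048073; its access is bounded by TE rules alone.`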
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 1339673..98645a2 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -46,8 +46,18 @@
   r_dir_file(heapprofd, apk_data_file)
   r_dir_file(heapprofd, dalvikcache_data_file)
   r_dir_file(heapprofd, vendor_file_type)
+  # Some dex files are not world-readable.
+  # We are still constrained by the SELinux rules above.
+  allow heapprofd self:global_capability_class_set dac_read_search;
 ')
 
+# This is going to happen on user but is benign because central heapprofd
+# does not actually need these permission.
+# If the dac_read_search capability check is rejected, the kernel then tries
+# to perform a dac_override capability check, so we need to dontaudit that
+# as well.
+dontaudit heapprofd self:global_capability_class_set { dac_read_search dac_override };
+
 never_profile_heap(`{
   bpfloader
   init
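Review bot: The `dontaudit` rule added after the block is unconditional, so it also applies on userdebug and eng builds, where dac_read_search is now allowed, and there it silences every dac_override denial for heapprofd. The comment justifies the suppression only for user builds. On debug builds a hidden dac_override denial removes the audit-log signal that would reveal an unexpected access attempt by the daemon. If the build macros offer no user-only guard, the comment should at least state the wider effect, e.g. `# Also applies on userdebug/eng: dac_override denials from heapprofd are never logged.` The block closed by `')` starts above the hunk, so the full set of types heapprofd may read is not visible here.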