1# asan_extract 2# 3# This command set moves the artifact corresponding to the current slot 4# from /data/ota to /data/dalvik-cache. 5 6with_asan(` 7 type asan_extract, domain, coredomain; 8 type asan_extract_exec, exec_type, file_type; 9 10 # Allow asan_extract to execute itself using #!/system/bin/sh 11 allow asan_extract shell_exec:file rx_file_perms; 12 13 # We execute log, rm, gzip and tar. 14 allow asan_extract toolbox_exec:file rx_file_perms; 15 allow asan_extract system_file:file execute_no_trans; 16 17 # asan_extract deletes old /data/lib. 18 allow asan_extract system_file:dir { open read remove_name rmdir write }; 19 allow asan_extract system_file:file unlink; 20 21 # asan_extract untars ASAN libraries into /data. 22 allow asan_extract system_data_file:dir create_dir_perms ; 23 allow asan_extract system_data_file:{ file lnk_file } create_file_perms ; 24 25 # Relabel the libraries with restorecon. 26 allow asan_extract file_contexts_file:file r_file_perms; 27 allow asan_extract system_data_file:{ dir file } relabelfrom; 28 allow asan_extract system_file:dir { relabelto setattr }; 29 allow asan_extract system_file:file relabelto; 30 31 # Restorecon will actually already try to run with sanitized libraries (libpackagelistparser). 32 allow asan_extract system_data_file:file execute; 33 34 # We use asan.restore_reboot to signal a reboot is required. 35 set_prop(asan_extract, asan_reboot_prop) 36') 37