1# asan_extract
2#
3# This command set moves the artifact corresponding to the current slot
4# from /data/ota to /data/dalvik-cache.
5
6with_asan(`
7  type asan_extract, domain, coredomain;
8  type asan_extract_exec, exec_type, file_type;
9
10  # Allow asan_extract to execute itself using #!/system/bin/sh
11  allow asan_extract shell_exec:file rx_file_perms;
12
13  # We execute log, rm, gzip and tar.
14  allow asan_extract toolbox_exec:file rx_file_perms;
15  allow asan_extract system_file:file execute_no_trans;
16
17  # asan_extract deletes old /data/lib.
18  allow asan_extract system_file:dir { open read remove_name rmdir write };
19  allow asan_extract system_file:file unlink;
20
21  # asan_extract untars ASAN libraries into /data.
22  allow asan_extract system_data_file:dir create_dir_perms ;
23  allow asan_extract system_data_file:{ file lnk_file } create_file_perms ;
24
25  # Relabel the libraries with restorecon.
26  allow asan_extract file_contexts_file:file r_file_perms;
27  allow asan_extract system_data_file:{ dir file } relabelfrom;
28  allow asan_extract system_file:dir { relabelto setattr };
29  allow asan_extract system_file:file relabelto;
30
31  # Restorecon will actually already try to run with sanitized libraries (libpackagelistparser).
32  allow asan_extract system_data_file:file execute;
33
34  # We use asan.restore_reboot to signal a reboot is required.
35  set_prop(asan_extract, asan_reboot_prop)
36')
37