I'm working on a Marshmallow system and having more problems than ever. LOCAL_DEX_PREOPT is just the first step. Then I ran into Linux permission trouble and SELinux...
When pushing the system APK I get errors such as:
02-01 20:58:26.302 E/dex2oat ( 3045): Failed to create oat file: /data/dalvik-cache/arm64/system@priv-app@x...@xyz.apk@classes.dex: Permission denied
[ 1614.216323] type=1400 audit(686361.299:48): avc: denied { write } for pid=2640 comm="oid.xyz" name="arm64" dev="dm-0" ino=360453 scontext=u:r:system_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=dir permissive=0
To fix this stuff I had to modify app_main.cpp:
+ // For engineers, needed to allow pushing locally built APKs
+ int dalvikCacheDirAid = AID_ROOT;
+ char prop[PROP_VALUE_MAX];
+ if (property_get("ro.build.type", prop, NULL) != 0) {
+ if (strcmp("eng", prop) == 0) {
+ dalvikCacheDirAid = AID_SYSTEM;
+ }
+ }
// We always perform these steps because the directory might
// already exist, with wider permissions and a different owner
// than we'd like.
- result = chown(dalvikCacheDir, AID_ROOT, AID_ROOT);
+ result = chown(dalvikCacheDir, dalvikCacheDirAid, dalvikCacheDirAid);
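Review bot: the strcmp("eng", prop) gate only matches eng builds, while the policy changes in system_app.te and domain.te are wrapped in userdebug_or_eng, so on a userdebug build the directory stays root-owned while the policy is relaxed, and the two halves of the change disagree about which builds they cover. Pick one scope and use it in both places. The new chown also sets the group as well as the owner to AID_SYSTEM, which contradicts the unchanged comment directly above it about resetting a "different owner than we'd like"; extend that comment to say the owner is deliberately system on engineering builds. Minor: property_get returns the value length, so "> 0" states the intent more clearly than "!= 0".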
Then I had to make changes to SELinux...
system_app.te:
+userdebug_or_eng(`
+ allow system_app dalvikcache_data_file:file rw_file_perms;
+ allow system_app dalvikcache_data_file:dir rw_dir_perms;
+')
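Review bot: the dalvikcache_data_file:file rw_file_perms line grants more than the post demonstrates a need for, since the only AVC quoted is { write } on tclass=dir from scontext system_app. Add the dir rule first, repeat the push, and then grant only the file permissions that show up in new denials. Note that rw_file_perms does not include create, so if the next denial is for creating the oat file this line will not cover it anyway. The block also needs a comment saying why system_app writes to the dalvik cache on engineering builds, because the rule applies to every process in the system_app domain and not just the APK being pushed.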
domain.te:
neverallow {
domain
-init # TODO: limit init to relabelfrom for files
-zygote
-installd
-dex2oat
+ userdebug_or_eng(`
+ -system_app
+ ')
} dalvikcache_data_file:file no_w_file_perms;
neverallow {
domain
-init
-installd
-dex2oat
-zygote
+ userdebug_or_eng(`
+ -system_app
+ ')
} dalvikcache_data_file:dir no_w_dir_perms;
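Review bot: adding -system_app to the exclusion set of both neverallow rules (the :file no_w_file_perms one and the :dir no_w_dir_perms one) switches off the build-time check for that domain on all userdebug and eng builds, which is wider than the eng-only runtime gate in the app_main.cpp hunk. Limit the exemption to the same build type as the chown change and add a comment on each exemption, as the existing "-init # TODO" line does, so a later reader can tell it is a development-only exception. The new lines are also indented differently from the surrounding -init/-zygote entries; align them.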
Pretty ugly, maybe there is an easier way?
On Monday, February 1, 2016 at 11:09:40 PM UTC-8, liuyafei wrote: