Detect native code loading by untrusted_app.
Modify the regex to cover untrusted_app as well as untrusted_app_25
and untrusted_app_27.
Add a test to verify.
Bug: 126536482
Test: atest DynamicCodeLoggerIntegrationsTests
Change-Id: Ie4cbabfb55a5e78868cc6ee8ec46270ab3bf75d1
diff --git a/services/core/java/com/android/server/pm/DynamicCodeLoggingService.java b/services/core/java/com/android/server/pm/DynamicCodeLoggingService.java
index d53d81c..a1ff76fc 100644
--- a/services/core/java/com/android/server/pm/DynamicCodeLoggingService.java
+++ b/services/core/java/com/android/server/pm/DynamicCodeLoggingService.java
@@ -61,7 +61,7 @@
private static final Pattern EXECUTE_NATIVE_AUDIT_PATTERN =
Pattern.compile(".*\\bavc: granted \\{ execute(?:_no_trans|) \\} .*"
+ "\\bpath=(?:\"([^\" ]*)\"|([0-9A-F]+)) .*"
- + "\\bscontext=u:r:untrusted_app_2(?:5|7):.*"
+ + "\\bscontext=u:r:untrusted_app(?:_25|_27)?:.*"
+ "\\btcontext=u:object_r:app_data_file:.*"
+ "\\btclass=file\\b.*");