This uses the SELinux audit messages generated when an untrusted app,
targeting SDK 28 or lower, executes native code from an app data
directory. "Executes" here covers memory mapping a file with execute
permission (including using dl_open) or calling execve.
As with dynamic loading of DEX code we write a hash of the contents of
the file executed to the event log.
The existing unit and integration tests are extended to verify the new
behaviour.
Bug: 111338677
Test: atest -p services/core/java/com/android/server/pm/dex
Change-Id: Ifbb3b338135db413be2cd83b1a8e7499d61d88dd
e9d3314dc9