955029aa1b
There has been no section in the linker config file for the binaries
under /postinstall. As a result, the binaries were run with the legacy
default config where /vendor/lib and /odm/lib are added to the search
paths. This is causing selinux denials as the binaries for OTA are not
allowed to access /vendor/lib or /odm/lib, but the dynamic linker calls
realpath(3) on the paths to canonicalize them.
Fixing the issue by letting /postinstall/* binaries to run with a
dedicated linker namespace config, where /vendor/lib and /odm/lib are
not added to the search paths. Not having the paths is okay because
he OTA binaries should not have dependency to the libs there.
Bug: 75287236
Test: do the OTA, selinux denials on postinstall_file is not shown
Test: above test should pass on wahoo, marlin and pre-treble devices
Merged-In: I49c11a0929002adfef667890c0a375c2b41054f4
Change-Id: I49c11a0929002adfef667890c0a375c2b41054f4
(cherry picked from commit
|
||
---|---|---|
.. | ||
etc | ||
Android.mk | ||
asan.options | ||
asan_extract.rc | ||
asan_extract.sh | ||
init-debug.rc | ||
init.environ.rc.in | ||
init.rc | ||
init.usb.configfs.rc | ||
init.usb.rc | ||
init.zygote32.rc | ||
init.zygote32_64.rc | ||
init.zygote64.rc | ||
init.zygote64_32.rc | ||
OWNERS | ||
ueventd.rc |