From 4db8cbd552293bede26b47f92357fdcc5e67f977 Mon Sep 17 00:00:00 2001 From: Howard Chen Date: Thu, 14 Jan 2021 15:27:50 +0800 Subject: [PATCH] Add permissions required to install the DSU to a SD card Bug: 171861574 Test: execute following command on a device with a SD card inserted adb shell am start-activity \ -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \ -a android.os.image.action.START_INSTALL \ -d file:///storage/emulated/0/Download/system.raw.gz \ --el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \ --el KEY_USERDATA_SIZE 4294967296 Change-Id: I5c1c170ade9c570c7dab7cb7aff5f099db4b3d8c --- private/gsid.te | 3 ++- private/kernel.te | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/private/gsid.te b/private/gsid.te index fe1d08e9e..a0b74b662 100644 --- a/private/gsid.te +++ b/private/gsid.te @@ -64,10 +64,11 @@ allowxperm gsid { userdata_block_device sdcard_block_device }:blk_file ioctl { # When installing images to an sdcard, gsid needs to be able to stat() the # block device. gsid also calls realpath() to remove symlinks. allow gsid mnt_media_rw_file:dir r_dir_perms; +allow gsid mnt_media_rw_stub_file:dir r_dir_perms; # When installing images to an sdcard, gsid must bypass sdcardfs and install # directly to vfat, which supports the FIBMAP ioctl. -allow gsid vfat:dir rw_dir_perms; +allow gsid vfat:dir create_dir_perms; allow gsid vfat:file create_file_perms; allow gsid sdcard_block_device:blk_file r_file_perms; # This is needed for FIBMAP unfortunately. Oddly FIEMAP does not carry this diff --git a/private/kernel.te b/private/kernel.te index 70ca91207..534116343 100644 --- a/private/kernel.te +++ b/private/kernel.te @@ -30,3 +30,4 @@ allow kernel random_device:chr_file relabelto; allow kernel snapuserd_exec:file relabelto; allow kernel kmsg_device:chr_file write; +allow kernel gsid:fd use;