Allow update_engine to scan /sys/fs and /sys/fs/f2fs.

When a bug causes us to leak a file descriptor or resource in the OTA
path, it can cause unremovable device-mapper devices. The companion CL
in this topic attempts to diagnose such problems by performing a quick
scan for things depending on an unremovable block device: mounts, loop
devices, and other device-mapper nodes.

To detect mounts it would normally be enough to scan /proc/mounts, but
with MNT_DETACH the filesystem may still be mounted but not visible to
update_engine. This is exactly what happened in b/184715543.

To scan for such cases, we look for /sys/fs/ext4/<name> or
/sys/fs/f2fs/<name> where <name> is the block device. To make this work,
we grant update_engine r_dir_perms to sysfs and sysfs_f2fs_dir. It
doesn't actually need to read the contents of any files, the presence of
the inode is good enough.

Bug: N/A
Test: manual test
Change-Id: Ib085c9c814180b360e2170135011261bbb7e35b6
David Anderson 2021-04-07 21:51:33 -07:00
parent 10c2ed4e47
commit 5a0d5ccdf7

@ -59,6 +59,10 @@ r_dir_file(update_engine_common, sysfs_dt_firmware_android)
# Needed because libdm reads sysfs to validate when a dm path is ready.
r_dir_file(update_engine_common, sysfs_dm)
# Scan files in /sys/fs/ext4 and /sys/fs/f2fs for device-mapper diagnostics.
allow update_engine_common sysfs:dir r_dir_perms;
allow update_engine_common sysfs_fs_f2fs:dir r_dir_perms;
# read / write on /dev/device-mapper to map / unmap devices
allow update_engine_common dm_device:chr_file rw_file_perms;
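
Review bot: the `allow update_engine_common sysfs:dir r_dir_perms;` line grants directory read on the generic `sysfs` type, which is wider than the /sys/fs/ext4 lookup named in the comment above it. Please extend the comment to say that the ext4 entries are reached through the generic `sysfs` label and that only directory access is needed (the commit message says the presence of the inode is enough and no file contents are read), so a later reader does not widen this to file permissions. Alternatively, consider a dedicated label for /sys/fs/ext4, as is already done for f2fs. Two smaller points: the commit message names the f2fs type as sysfs_f2fs_dir while the rule uses `sysfs_fs_f2fs`, and both rules are written against update_engine_common while the subject line says update_engine, so the message should match what is actually granted.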