No need to bind-mount bionic libraries
This is a partial revert of https://android-review.googlesource.com/c/platform/system/sepolicy/+/891474 The mount points at /bionic are gone. Therefore, init and otapreopt_chroot do not need to bind-mount bionic libraries. Corresponding policies are removed. Bug: 125549215 Bug: 113373927 Bug: 120266448 Test: m; device boots Change-Id: I9d9d7ec204315fb5b66beec4e6a3c529bd827590
parent
af9d7b15a3
commit
5a74473d1b
3 changed files with 0 additions and 20 deletions
|
@ -39,10 +39,6 @@
|
|||
/etc u:object_r:rootfs:s0
|
||||
/sdcard u:object_r:rootfs:s0
|
||||
|
||||
/bionic(/.*)? u:object_r:system_file:s0
|
||||
/bionic/lib(64)?(/.*)? u:object_r:system_lib_file:s0
|
||||
/bionic/bin/linker(64)? u:object_r:system_linker_exec:s0
|
||||
|
||||
# SELinux policy files
|
||||
/vendor_file_contexts u:object_r:file_contexts_file:s0
|
||||
/nonplat_file_contexts u:object_r:file_contexts_file:s0
|
||||
|
|
|
@ -32,13 +32,6 @@ allow otapreopt_chroot postinstall_apex_mnt_dir:dir create_dir_perms;
|
|||
# Allow otapreopt_chroot to mount APEX packages in /postinstall/apex.
|
||||
allow otapreopt_chroot postinstall_apex_mnt_dir:dir mounton;
|
||||
|
||||
# Allow otapreopt_chroot to bind-mount Bionic artifacts from the Runtime APEX
|
||||
# into /postinstall/bionic/.
|
||||
allow otapreopt_chroot postinstall_file:file mounton;
|
||||
# Allow otapreopt_chroot to read the /postinstall/system/bin/linker(64) symlink to
|
||||
# /postinstall/bionic/bin/linker(64) when executing /postinstall/system/bin/otapreopt.
|
||||
allow otapreopt_chroot postinstall_file:lnk_file read;
|
||||
|
||||
# Allow otapreopt_chroot to access /dev/block (needed to detach loop
|
||||
# devices used by ext4 images from APEX packages).
|
||||
allow otapreopt_chroot block_device:dir r_dir_perms;
|
||||
|
|
|
@ -87,15 +87,6 @@ allow init device:dir mounton;
|
|||
# Mount tmpfs on /apex
|
||||
allow init apex_mnt_dir:dir mounton;
|
||||
|
||||
# Mount Bionic libraries and dynamic linkers
|
||||
allow init system_lib_file:file mounton;
|
||||
allow init system_linker_exec:file mounton;
|
||||
# The mount points under /bionic are rootfs in recovery mode. Init should
|
||||
# be able to bind-mount the bootstrap Bionic to the mount points.
|
||||
recovery_only(`
|
||||
allow init rootfs:file mounton;
|
||||
')
|
||||
|
||||
# Create and remove symlinks in /.
|
||||
allow init rootfs:lnk_file { create unlink };
|
||||
|
||||
|
|