Add remount.te to allow adb remount-related operations
* init_daemon_domain because clean_scratch_files is executed by init * gsid related plumbing for libfs_mgr_binder Bug: 204836146 Test: Presubmit Change-Id: Idd7eacd577f538d194252174ab1e3d8396f08fb1
This commit is contained in:
parent
54bd8438b1
commit
8638a44a2d
2 changed files with 16 additions and 0 deletions
|
@ -285,6 +285,7 @@
|
|||
/system/bin/recovery-refresh u:object_r:recovery_refresh_exec:s0
|
||||
/system/bin/sdcard u:object_r:sdcardd_exec:s0
|
||||
/system/bin/snapshotctl u:object_r:snapshotctl_exec:s0
|
||||
/system/bin/remount u:object_r:remount_exec:s0
|
||||
/system/bin/dhcpcd u:object_r:dhcp_exec:s0
|
||||
/system/bin/dhcpcd-6\.8\.2 u:object_r:dhcp_exec:s0
|
||||
/system/bin/mtpd u:object_r:mtp_exec:s0
|
||||
|
|
15
private/remount.te
Normal file
15
private/remount.te
Normal file
|
@ -0,0 +1,15 @@
|
|||
type remount, domain, coredomain;
|
||||
type remount_exec, system_file_type, exec_type, file_type;
|
||||
|
||||
userdebug_or_eng(`
|
||||
# Allow init to run clean_scratch_files and do auto domain transfer.
|
||||
init_daemon_domain(remount)
|
||||
|
||||
# Allow talking to gsid.
|
||||
binder_use(remount)
|
||||
allow remount gsi_service:service_manager find;
|
||||
binder_call(remount, gsid)
|
||||
|
||||
# Allow searching for /metadata/gsi/remount/lp_metadata.
|
||||
allow remount { metadata_file gsi_metadata_file_type }:dir search;
|
||||
')
|
Loading…
Reference in a new issue