Merge "Allow fastbootd to mount /metadata in recovery." am: deef325f8f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1674731 Change-Id: Ie7dd9a29f2455c81b8d0fc452d670b67895f89e7
This commit is contained in:
commit
8b039a7b43
3 changed files with 5 additions and 3 deletions
|
@ -359,7 +359,7 @@ neverallow ~{
|
|||
neverallow {
|
||||
domain
|
||||
-apexd
|
||||
recovery_only(`userdebug_or_eng(`-fastbootd')')
|
||||
recovery_only(`-fastbootd')
|
||||
-init
|
||||
-kernel
|
||||
-otapreopt_chroot
|
||||
|
|
|
@ -38,4 +38,7 @@ recovery_only(`
|
|||
|
||||
# Get fastbootd protocol property
|
||||
get_prop(fastbootd, fastbootd_protocol_prop)
|
||||
|
||||
# Mount /metadata to interact with Virtual A/B snapshots.
|
||||
allow fastbootd labeledfs:filesystem { mount unmount };
|
||||
')
|
||||
|
|
|
@ -48,7 +48,7 @@ recovery_only(`
|
|||
# libfiemap.
|
||||
allow fastbootd metadata_block_device:blk_file r_file_perms;
|
||||
allow fastbootd {rootfs tmpfs}:dir mounton;
|
||||
allow fastbootd metadata_file:dir { search getattr };
|
||||
allow fastbootd metadata_file:dir { search getattr mounton };
|
||||
allow fastbootd gsi_metadata_file_type:dir rw_dir_perms;
|
||||
allow fastbootd gsi_metadata_file_type:file create_file_perms;
|
||||
|
||||
|
@ -97,7 +97,6 @@ recovery_only(`
|
|||
vendor_file_type
|
||||
}:{ file lnk_file } unlink;
|
||||
allow fastbootd tmpfs:dir rw_dir_perms;
|
||||
allow fastbootd labeledfs:filesystem { mount unmount };
|
||||
# Fetch vendor_boot partition
|
||||
allow fastbootd boot_block_device:blk_file r_file_perms;
|
||||
')
|
||||
|
|
Loading…
Reference in a new issue