tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow dexopt_chroot_setup to bind-mount dirs for incremental apps." into main

Browse source
This commit is contained in:
Treehugger Robot 2024-06-04 12:48:49 +00:00 committed by Gerrit Code Review
commit 8d9a89ed9e
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
private/dexopt_chroot_setup.te
View file

@ -43,6 +43,7 @@ allow dexopt_chroot_setup block_device:dir { getattr search };
# Allow mounting file systems, to create a chroot environment.
allow dexopt_chroot_setup {
apex_mnt_dir
apk_data_file
binderfs
cgroup
cgroup_v2
@ -119,6 +120,9 @@ domain_auto_trans(dexopt_chroot_setup, linkerconfig_exec, linkerconfig)
# Allow running snapshotctl through init, to map and unmap block devices.
set_prop(dexopt_chroot_setup, snapshotctl_prop)
# Allow accessing /data/app/..., to bind-mount dirs for incremental apps.
allow dexopt_chroot_setup apk_data_file:dir { getattr search };
# Neverallow rules.
# Never allow running other binaries without a domain transition.