Don't use apexd when TARGET_FLATTEN_APEX == true

/system/apex/com.android.runtime is labeled as runtime_apex_dir and init is allowed to mount on it. When TARGET_FLATTEN_APEX is true (= ro.apex.updatable is unset or set to false), apexd is not used to activate the built-in flattened APEXes. Init simply bind-mounts /system/apex to /apex. However, there is a special case here. The runtime APEX is installed as either /system/apex/com.android.runtime.debug or /system/apex/com.android.runtime.release, whereas it should be activated on /apex/com.android.runtime - without the .debug or .release suffix. To handle that case, the build system creates an empty directory /system/apex/com.android.runtime and the .debug or .release directory is bind-mounted to the empty directory by init at runtime. Bug: 132413565 Test: marlin is bootable Change-Id: I3fde5ff831429723fecd1fa5c10e44f636a63f09
2019-05-13 12:54:39 +09:00 · 2019-05-13 12:54:39 +09:00 · 99902a175b
commit 99902a175b
parent 2c38836281
6 changed files with 9 additions and 0 deletions
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@ -136,6 +136,7 @@
    recovery_socket
    role_service
    runas_app
+    runtime_apex_dir
    runtime_service
    secure_element
    secure_element_device
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@ -123,6 +123,7 @@
    recovery_socket
    role_service
    runas_app
+    runtime_apex_dir
    runtime_service
    secure_element
    secure_element_device
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@ -114,6 +114,7 @@
    rss_hwm_reset_exec
    runas_app
    runas_app_tmpfs
+    runtime_apex_dir
    runtime_service
    sdcard_block_device
    sensor_privacy_service
--- a/private/file_contexts
+++ b/private/file_contexts
@ -179,6 +179,7 @@
 # System files
 #
 /system(/.*)?		u:object_r:system_file:s0
+/system/apex/com.android.runtime	u:object_r:runtime_apex_dir:s0
 /system/lib(64)?(/.*)?		u:object_r:system_lib_file:s0
 /system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
 /system/bin/atrace	u:object_r:atrace_exec:s0
--- a/public/file.te
+++ b/public/file.te
@ -172,6 +172,8 @@ type vendor_cgroup_desc_file, vendor_file_type, file_type;
 type task_profiles_file, system_file_type, file_type;
 # Vendor task profiles file under /vendor/etc/task_profiles.json
 type vendor_task_profiles_file, vendor_file_type, file_type;
+# Type for /system/apex/com.android.runtime
+type runtime_apex_dir, system_file_type, file_type;

 # Default type for directories search for
 # HAL implementations
--- a/public/init.te
+++ b/public/init.te
@ -92,6 +92,9 @@ allow init device:dir mounton;
 # Mount tmpfs on /apex
 allow init apex_mnt_dir:dir mounton;

+# Bind-mount on /system/apex/com.android.runtime
+allow init runtime_apex_dir:dir mounton;
+
 # Create and remove symlinks in /.
 allow init rootfs:lnk_file { create unlink };