fs_mgr: add overlayfs handling for squashfs system filesystems
/cache/overlay directory in support of overlayfs mounts on userdebug and eng devices. Overlayfs in turn can be capable of supporting adb remount for read-only or restricted-storage filesystems like squashfs or right-sized (zero free space) system partitions respectively. Test: compile Bug: 109821005 Bug: 110985612 Change-Id: I3ece03886db7cc97f864497cf93ec6c6c39bccd1
This commit is contained in:
Mark Salyzyn
parent
f3eb985447
commit
9b398f3fb7
10 changed files with 30 additions and 2 deletions
|
|
@ -829,7 +829,10 @@ include $(BUILD_SYSTEM)/base_rules.mk
|
|||
local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
|
||||
|
||||
ifneq ($(filter address,$(SANITIZE_TARGET)),)
|
||||
local_fc_files := $(local_fc_files) $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
|
||||
local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
|
||||
endif
|
||||
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
|
||||
local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
|
||||
endif
|
||||
local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
|
||||
|
||||
|
|
@ -917,6 +920,9 @@ local_fc_files := $(call build_policy, file_contexts, $(PLAT_PRIVATE_POLICY))
|
|||
ifneq ($(filter address,$(SANITIZE_TARGET)),)
|
||||
local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
|
||||
endif
|
||||
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
|
||||
local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
|
||||
endif
|
||||
local_fcfiles_with_nl := $(call add_nl, $(local_fc_files), $(built_nl))
|
||||
|
||||
$(LOCAL_BUILT_MODULE): PRIVATE_FC_FILES := $(local_fcfiles_with_nl)
|
||||
|
|
|
|||
|
|
@ -84,6 +84,7 @@
|
|||
netd_stable_secret_prop
|
||||
network_watchlist_data_file
|
||||
network_watchlist_service
|
||||
overlayfs_file
|
||||
package_native_service
|
||||
perfetto
|
||||
perfetto_exec
|
||||
|
|
|
|||
|
|
@ -72,6 +72,7 @@
|
|||
mnt_vendor_file
|
||||
network_watchlist_data_file
|
||||
network_watchlist_service
|
||||
overlayfs_file
|
||||
perfetto
|
||||
perfetto_exec
|
||||
perfetto_tmpfs
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@
|
|||
llkd_exec
|
||||
llkd_tmpfs
|
||||
mnt_product_file
|
||||
overlayfs_file
|
||||
time_prop
|
||||
timedetector_service
|
||||
timezonedetector_service
|
||||
|
|
|
|||
|
|
@ -518,6 +518,11 @@
|
|||
# LocalTransport (backup) uses this subtree
|
||||
/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0
|
||||
|
||||
#############################
|
||||
# Overlayfs support directories
|
||||
#
|
||||
/cache/overlay(/.*)? u:object_r:overlayfs_file:s0
|
||||
|
||||
/data/cache(/.*)? u:object_r:cache_file:s0
|
||||
/data/cache/recovery(/.*)? u:object_r:cache_recovery_file:s0
|
||||
# General backup/restore interchange with apps
|
||||
|
|
|
|||
6
private/file_contexts_overlayfs
Normal file
6
private/file_contexts_overlayfs
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
#############################
|
||||
# Overlayfs support directories for userdebug/eng devices
|
||||
#
|
||||
/cache/overlay/(system|product)/upper u:object_r:system_file:s0
|
||||
/cache/overlay/(vendor|odm)/upper u:object_r:vendor_file:s0
|
||||
/cache/overlay/oem/upper u:object_r:vendor_file:s0
|
||||
|
|
@ -8,6 +8,7 @@ fs_use_xattr xfs u:object_r:labeledfs:s0;
|
|||
fs_use_xattr btrfs u:object_r:labeledfs:s0;
|
||||
fs_use_xattr f2fs u:object_r:labeledfs:s0;
|
||||
fs_use_xattr squashfs u:object_r:labeledfs:s0;
|
||||
fs_use_xattr overlay u:object_r:labeledfs:s0;
|
||||
fs_use_xattr erofs u:object_r:labeledfs:s0;
|
||||
|
||||
# Label inodes from task label.
|
||||
|
|
|
|||
|
|
@ -290,6 +290,8 @@ type system_app_data_file, file_type, data_file_type, core_data_file_type, mlstr
|
|||
# Compatibility with type name used in Android 4.3 and 4.4.
|
||||
# Default type for anything under /cache
|
||||
type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||
# Type for /cache/overlay
|
||||
type overlayfs_file, file_type, data_file_type, core_data_file_type;
|
||||
# Type for /cache/backup_stage/* (fd interchange with apps)
|
||||
type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
|
||||
# type for anything under /cache/backup (local transport storage)
|
||||
|
|
|
|||
|
|
@ -288,6 +288,11 @@ allow init self:global_capability2_class_set syslog;
|
|||
# init access to /proc.
|
||||
r_dir_file(init, proc_net_type)
|
||||
|
||||
# Overlayfs workdir write access check during mount to permit remount,rw
|
||||
userdebug_or_eng(`
|
||||
allow init overlayfs_file:dir { relabelfrom write };
|
||||
')
|
||||
|
||||
allow init {
|
||||
proc_cmdline
|
||||
proc_diskstats
|
||||
|
|
|
|||
|
|
@ -144,7 +144,7 @@ allow shell domain:dir { search open read getattr };
|
|||
allow shell domain:{ file lnk_file } { open read getattr };
|
||||
|
||||
# statvfs() of /proc and other labeled filesystems
|
||||
# (yaffs2, jffs2, ext2, ext3, ext4, xfs, btrfs, f2fs, squashfs)
|
||||
# (yaffs2, jffs2, ext2, ext3, ext4, xfs, btrfs, f2fs, squashfs, overlay)
|
||||
allow shell { proc labeledfs }:filesystem getattr;
|
||||
|
||||
# stat() of /dev
|
||||
|
|
|
|||
Loading…
Reference in a new issue