Label the bootstrap linker and bionic mount points

am: 4b3f2c6245 Change-Id: Ia90d5b6960272124e6a19ddb5c0923ecce105073
2019-01-30 21:00:17 -08:00 · 2019-01-30 21:00:17 -08:00 · b546607a27
commit b546607a27
parent 61ceae5c08 4b3f2c6245
2 changed files with 8 additions and 0 deletions
--- a/private/file_contexts
+++ b/private/file_contexts
@ -40,6 +40,10 @@
 /etc                u:object_r:rootfs:s0
 /sdcard             u:object_r:rootfs:s0

+/bionic(/.*)?           u:object_r:system_file:s0
+/bionic/lib(64)?(/.*)?  u:object_r:system_lib_file:s0
+/bionic/bin/linker(64)? u:object_r:system_linker_exec:s0
+
 # SELinux policy files
 /vendor_file_contexts   u:object_r:file_contexts_file:s0
 /nonplat_file_contexts  u:object_r:file_contexts_file:s0
@ -251,6 +255,7 @@
 /system/bin/healthd     u:object_r:healthd_exec:s0
 /system/bin/clatd	u:object_r:clatd_exec:s0
 /system/bin/linker(64)? u:object_r:system_linker_exec:s0
+/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
 /system/bin/llkd        u:object_r:llkd_exec:s0
 /system/bin/lmkd        u:object_r:lmkd_exec:s0
 /system/bin/usbd   u:object_r:usbd_exec:s0
--- a/public/domain.te
+++ b/public/domain.te
@ -125,6 +125,9 @@ allow domain system_security_cacerts_file:file r_file_perms;
 allow domain system_linker_exec:file { execute read open getattr map };
 allow domain system_linker_config_file:file r_file_perms;
 allow domain system_lib_file:file { execute read open getattr map };
+# To allow following symlinks at /system/bin/linker, /system/lib/libc.so, etc.
+allow domain system_linker_exec:lnk_file { read open getattr };
+allow domain system_lib_file:lnk_file { read open getattr };

 allow domain system_event_log_tags_file:file r_file_perms;