Merge "Allow dexopt_chroot_setup to mount/unmount debugfs." into main
commit
c6a554f200
1 changed files with 9 additions and 0 deletions
|
@ -41,12 +41,20 @@ allow dexopt_chroot_setup proc_filesystems:file r_file_perms;
|
||||||
allow dexopt_chroot_setup block_device:dir { getattr search };
|
allow dexopt_chroot_setup block_device:dir { getattr search };
|
||||||
|
|
||||||
# Allow mounting file systems, to create a chroot environment.
|
# Allow mounting file systems, to create a chroot environment.
|
||||||
|
# We recursively bind-mount directories under /data, /mnt/expand, /proc, /sys,
|
||||||
|
# and /dev. We need some of them (e.g., incremental-fs directories for
|
||||||
|
# incremental apps in /data; /dev/cpuctl and /dev/blkio for task profiles), but
|
||||||
|
# not necessarily all of them. However, to avoid random crashes and silent
|
||||||
|
# fallbacks, we bind-mount all of them. Therefore, we need access to many of the
|
||||||
|
# fstypes.
|
||||||
|
|
||||||
allow dexopt_chroot_setup {
|
allow dexopt_chroot_setup {
|
||||||
apex_mnt_dir
|
apex_mnt_dir
|
||||||
apk_data_file
|
apk_data_file
|
||||||
binderfs
|
binderfs
|
||||||
cgroup
|
cgroup
|
||||||
cgroup_v2
|
cgroup_v2
|
||||||
|
userdebug_or_eng(debugfs)
|
||||||
debugfs_tracing_debug
|
debugfs_tracing_debug
|
||||||
device
|
device
|
||||||
devpts
|
devpts
|
||||||
|
@ -75,6 +83,7 @@ allow dexopt_chroot_setup {
|
||||||
binderfs
|
binderfs
|
||||||
cgroup
|
cgroup
|
||||||
cgroup_v2
|
cgroup_v2
|
||||||
|
userdebug_or_eng(debugfs)
|
||||||
debugfs_tracing_debug
|
debugfs_tracing_debug
|
||||||
devpts
|
devpts
|
||||||
fs_bpf
|
fs_bpf
|
||||||
|
|
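Review bot: Neither `userdebug_or_eng(debugfs)` entry (in the type set at new line 41 and again in the set at new line 83) says why debugfs is gated to debug builds; the new block comment only explains the recursive bind-mount in general. If the reason is that debugfs is only mounted on userdebug/eng builds, I would state it in the block comment, for example `# debugfs is only present on userdebug/eng builds, so it is gated with userdebug_or_eng.`, so that nobody later drops the macro to make the list uniform. Both allow statements close outside the visible lines, so the object class and permissions cannot be confirmed from here. It is worth checking that they stay limited to the mount/unmount filesystem permissions named in the commit title and do not extend to file access on debugfs.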