overlayfs: Rules for mounting overlays from second stage init

Overlayfs failed to mount during second stage init because init is lacking these permissions. These permissions are asserted by the overlayfs driver during mount operation, see fs/overlayfs/super.c:ovl_check_rename_whiteout (https://source.corp.google.com/kernel-upstream/fs/overlayfs/super.c;l=1182;bpv=1;bpt=1) Bug: 243501054 Test: adb remount && check that overlay is active after reboot Change-Id: I258646b65a49487e6f22a6742ff59e9a0d57b5c0
2022-12-13 01:43:22 +08:00 · 2022-12-13 01:43:22 +08:00 · d59c75884d
commit d59c75884d
parent 64711e9de5
1 changed files with 2 additions and 1 deletions
--- a/public/init.te
+++ b/public/init.te
@ -379,7 +379,8 @@ allow init proc_filesystems:file r_file_perms;
 userdebug_or_eng(`
  # Overlayfs workdir write access check during mount to permit remount,rw
  allow init overlayfs_file:dir { relabelfrom mounton write };
-  allow init overlayfs_file:file { append };
+  allow init overlayfs_file:file { append rename };
+  allow init overlayfs_file:chr_file unlink;
  allow init system_block_device:blk_file { write };
 ')