Starting with
91a9ab7c94
, calling io_uring_setup will need selinux permission to create anon
inodes.
Test: th
Bug: 244785938
Change-Id: I351983fefabe0f6fdaf9272506ea9dd24bc083a9
snapuserd uses an inotify watch to detect when /dev/socket/snapuserd has
been created.
Bug: N/A
Test: no denials after applying OTA on cuttlefish
Change-Id: I2ca16aee84ce7648bceea5c5de32a561b932f528
Add selinux policy to allow snapuserd to search
through /dev/block/ and read /sys/block directory.
Bug: 193863442
Test: OTA on pixel
Signed-off-by: Akilesh Kailash <akailash@google.com>
Change-Id: I656aee69f4c07ed7caeb1c3c14e44e1a25bd1ba1
This adds a new property prefix owned by snapuserd, for communicating
when the service is ready to accept connections (snapuserd.ready and
snapuserd.proxy_ready).
This also adds a new socket context. This is a seqpacket socket used to
communicate with a special instance of snapuserd that bridges to the
first-stage daemon.
Bug: 193833730
Test: no denials after OTA applies and boots
Change-Id: Ibad03659eba5c25e205ba00f27d0b4f98585a84b
The initial launch of snapuserd happens in first-stage init, before
sepolicy is loaded, since snapuserd is needed to mount initial
partitions. After sepolicy is loaded, we immediately re-launch snapuserd
in the correct context. This requires a transition similar to init.
The "allow" lines for the kernel happen in permissive mode, since we
need to relabel critical parts of /dev/block in order to re-launch
snapuserd.
Bug: 173476209
Test: OTA applies with ro.virtual_ab.compression.enabled = true
Change-Id: I80184e737ccb558107a14b384a61f7fec31c9428
Restrict access to controlling snapuserd via ctl properties. Allow
update_engine to control snapuserd, and connect/write to its socket.
update_engine needs this access so it can create the appropriate dm-user
device (which sends queries to snapuserd), which is then used to build
the update snapshot.
This also fixes a bug where /dev/dm-user was not properly labelled. As a
result, snapuserd and update_engine have been granted r_dir_perms to
dm_user_device.
Bug: 168554689
Test: full ota with VABC enabled
Change-Id: I1f65ba9f16a83fe3e8ed41a594421939a256aec0
dm-user is a new device-mapper module, providing a FUSE-like service for
block devices. It creates control nodes as misc devices under
/dev/dm-user/. Make sure these nodes get a unique selabel.
snapuserd is a daemon for servicing requests from dm-user. It is a
low-level component of Virtual A/B updates, and provides the bridge
betewen dm-snapshot and the new COW format. For this reason it needs
read/write access to device-mapper devices.
Bug: 168259959
Test: ctl.start snapuserd, no denials
vts_libsnapshot_test, no denials
Change-Id: I36858a23941767f6127d6fbb9e6755c68b91ad31