a59b030341
Bug: 206869687 Test: Add debug log to compos. See correct content from the proto. Change-Id: I4f2b4096808efc1b15c218a225b451731f37e43d
25 lines
960 B
Text
25 lines
960 B
Text
# authfs is a FUSE-based filesystem to support "remote" file access normally
|
|
# over vsock, backed by a file server backend on Android.
|
|
|
|
type authfs, domain, coredomain;
|
|
type authfs_exec, exec_type, file_type, system_file_type;
|
|
|
|
allow authfs self:vsock_socket create_socket_perms_no_ioctl;
|
|
|
|
# Allow basic rules to implement FUSE.
|
|
# TODO(195554831): Move the privilege to authfs_service
|
|
allow authfs fuse_device:chr_file rw_file_perms;
|
|
allow authfs self:global_capability_class_set sys_admin;
|
|
|
|
# Allow mounting authfs.
|
|
# TODO(195554831): Move the privilege to authfs_service.
|
|
allow authfs fuse:filesystem relabelfrom;
|
|
allow authfs authfs_fuse:filesystem { mount relabelfrom relabelto };
|
|
allow authfs authfs_data_file:dir { mounton search };
|
|
|
|
# Allow authfs to access extra APK mount.
|
|
allow authfs extra_apk_file:file r_file_perms;
|
|
allow authfs extra_apk_file:dir search;
|
|
|
|
# TODO(195568812): Don't pass FD 0,1,2 unnecessarily.
|
|
allow authfs authfs_service:fd use;
|