1a60998ac0
Currently update_verifier only verifies the blocks when dm-verity is in 'enforcing' mode, and dm-verity will reboot the device upon detection of errors. However, sometimes the verity mode is not guaranteed to be correct. When the mode is 'eio', for example, dm-verity will not trigger a reboot but will instead fail the read. So update_verifier needs to take responsibility for rebooting the device. Otherwise the device will continue to boot without setting the flag "isSlotMarkedSuccessful". Denial message: update_verifier: type=1400 audit(0.0:18): avc: denied { write } for name="property_service" dev="tmpfs" ino=14678 scontext=u:r:update_verifier:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 Bug: 36260064 Test: powerctl property sets successfully Change-Id: I7431f87e2d61be1425397732aebb369d4ad4c26c
# update_verifier
#
# Policy for the update_verifier domain and the label of its executable.
# Process domain type.
type update_verifier, domain;
# File type for the update_verifier binary. The transition into the
# update_verifier domain is not declared in this file.
type update_verifier_exec, exec_type, file_type;

# Allow update_verifier to reach block devices in /dev/block.
# Only directory search is granted; this rule gives no access to nodes
# labeled block_device themselves.
allow update_verifier block_device:dir search;

# Read care map in /data/ota_package/.
# Read-only: r_dir_perms / r_file_perms carry no write, create or unlink.
allow update_verifier ota_package_file:dir r_dir_perms;
allow update_verifier ota_package_file:file r_file_perms;

# Read all blocks in dm wrapped system partition.
# Read-only. NOTE(review): the rule is keyed on the dm_device type, so it
# covers every block node carrying that label, not only the system
# partition's mapping -- confirm which devices are labeled dm_device.
allow update_verifier dm_device:blk_file r_file_perms;

# Allow update_verifier to reboot the device.
# Lets update_verifier set properties labeled powerctl_prop, so that it can
# force a reboot itself when verification fails.
# NOTE(review): this property type controls device power state; keep the set
# of domains holding set_prop on it small and review any addition.
set_prop(update_verifier, powerctl_prop)

# Use Boot Control HAL
# Makes update_verifier a client of hal_bootctl; presumably used to mark the
# booted slot as successful after verification -- confirm against the
# update_verifier source.
hal_client_domain(update_verifier, hal_bootctl)