16dfb432b3
Previously we would mount OTA images with a 'context=...' mount option. This meant that all selinux contexts were ignored in the ota image, limiting the usefulness of selinux in this situation. To fix this the mount has been changed to not overwrite the declared contexts and the policies have been updated to accurately describe the actions being performed by an OTA. Bug: 181182967 Test: Manual OTA of blueline Merged-In: I5eb53625202479ea7e75c27273531257d041e69d Change-Id: I5eb53625202479ea7e75c27273531257d041e69d
5 lines
216 B
Text
5 lines
216 B
Text
typeattribute postinstall coredomain;
|
|
type postinstall_exec, system_file_type, exec_type, file_type;
|
|
domain_auto_trans(postinstall, otapreopt_chroot_exec, otapreopt_chroot)
|
|
|
|
allow postinstall rootfs:dir r_dir_perms;
|