platform_system_sepolicy/private/update_engine_common.te
Alex Light a1cdf2e311 Use postinstall file_contexts
Previously we would mount OTA images with a 'context=...' mount
option. This meant that all selinux contexts were ignored in the ota
image, limiting the usefulness of selinux in this situation. To fix
this the mount has been changed to not overwrite the declared contexts
and the policies have been updated to accurately describe the actions
being performed by an OTA.

Bug: 181182967
Test: Manual OTA of blueline
Test: lunch wembley-userdebug; m droid
Ignore-AOSP-First: Requires changes to device/mediatek/wembley-sepolicy
                   to be applied simultaneously to avoid breaking
                   builds. Once merged this will be cherry-picked back
                   to AOSP to maintain state.
Change-Id: I5eb53625202479ea7e75c27273531257d041e69d
2021-03-25 00:01:25 +00:00

# type_transition must be private policy; the domain_trans rules could stay
# public, but conceptually should go with this.
# The postinstall program is run by update_engine_common and must be tagged
# with postinstall_exec in the new filesystem.
# TODO: Have the build system attempt to verify this.
domain_auto_trans(update_engine_common, postinstall_exec, postinstall)
# Vendor directories can have the transition as well during OTA. This is caused
# by update_engine execing scripts in vendor to perform any update tasks needed
# there.
domain_auto_trans(update_engine_common, postinstall_file, postinstall)
allow update_engine_common labeledfs:filesystem { mount unmount relabelfrom };
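
The TODO in the policy above asks for a build-time check that the postinstall program carries the `postinstall_exec` label in the new filesystem. The following is an added example, not part of the AOSP tree: it resolves a path against file_contexts text and checks the resulting type. The sample entries and the path `/system/bin/example_postinstall` are constructed, and the lookup only approximates libselinux (literal entries beat regex entries, later entries beat earlier ones, and the optional file-type field is ignored).

```python
import re

# Constructed file_contexts excerpt; the postinstall path is hypothetical.
SAMPLE_FILE_CONTEXTS = r"""
# regex                            type  context
/system(/.*)?                            u:object_r:system_file:s0
/system/bin/example_postinstall    --    u:object_r:postinstall_exec:s0
/vendor(/.*)?                            u:object_r:vendor_file:s0
"""

REGEX_META = set(".^$?*+|[({\\")


def parse_file_contexts(text):
    """Return [(compiled_regex, has_meta, context)] in lookup order."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        pattern, context = fields[0], fields[-1]
        has_meta = any(ch in REGEX_META for ch in pattern)
        entries.append((re.compile(pattern), has_meta, context))
    # Stable sort: regex entries first, literal entries last, so that a
    # backwards search prefers literals and then later regex entries.
    entries.sort(key=lambda entry: not entry[1])
    return entries


def lookup(entries, path):
    """Return the context of the winning entry, or None if nothing matches."""
    for regex, _, context in reversed(entries):
        if regex.fullmatch(path):  # file_contexts patterns are anchored
            return context
    return None


def selinux_type(context):
    """Extract the type field from user:role:type:level."""
    parts = context.split(":") if context else []
    return parts[2] if len(parts) >= 4 else None


def verify_postinstall(text, program, expected="postinstall_exec"):
    """Return (ok, actual_type) for the postinstall program path."""
    actual = selinux_type(lookup(parse_file_contexts(text), program))
    return actual == expected, actual
```

A failing result means `domain_auto_trans(update_engine_common, postinstall_exec, postinstall)` would not trigger for that program, since the transition keys on the file's type.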