author | Yifan Hong <elsk@google.com> | 2019-01-08 13:33:52 -0800 |
---|---|---|
committer | Yifan Hong <elsk@google.com> | 2019-01-08 15:01:32 -0800 |
commit | 3be2c7a14bc6a691f00421021c203d9b62b78f17 (patch) | |
tree | 7d7567a988c15d0de23e3697b0bfcdf4d07541e1 /libutils/Unicode.cpp | |
parent | e7bb1b3e39256b4c38ef6396810214aebe5394ee (diff) |
fs_mgr: overlayfs_mount_scratch don't write to system_other

This change removes this denial:

    avc: denied { write } for comm="init" name="sda6" dev="tmpfs" \
    ino=25715 scontext=u:r:init:s0 tcontext=u:object_r:system_block_device:s0 \
    tclass=blk_file permissive=0

The reason is that during any mount_all in init,
fs_mgr_overlayfs_mount_all() will mount a list of candidates for
scratch, which includes system_other. However, in order to probe
if /overlay directory exists in the partition, it only needs read
access to the block device, and mount the partition as readonly.
If the block device is a true candidate (i.e. it does have /overlay),
re-mount it as writable.

Test: flash, wipe, boot, denial goes away, cppreopt is successful
Test: boot the second time, no denials (no cppreopt this time)
Fixes: 122454600
Change-Id: I465b363eac755d79711e4f82955cd98450527122

Diffstat (limited to 'libutils/Unicode.cpp')
0 files changed, 0 insertions, 0 deletions
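
The probe-then-remount sequence the commit message describes, written out as an added example; this is not the fs_mgr code from the commit. `has_overlay_dir`, `mount_scratch` and `Scratch` are hypothetical names, and the code assumes Linux `mount(2)` semantics.

```cpp
#include <string>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical helper: true only if <root>/overlay exists and is a directory.
bool has_overlay_dir(const std::string& root) {
    struct stat st;
    return stat((root + "/overlay").c_str(), &st) == 0 && S_ISDIR(st.st_mode);
}

// Hypothetical result type for the example.
enum class Scratch { kError = -1, kNotCandidate = 0, kMountedWritable = 1 };

// Probe a scratch candidate with the least access that answers the question,
// and ask for write access only once the device is known to carry /overlay.
Scratch mount_scratch(const std::string& dev, const std::string& fstype,
                      const std::string& mnt) {
    // Step 1: read-only mount. Probing needs only read access to the
    // block device, so a non-candidate is never opened for writing.
    if (mount(dev.c_str(), mnt.c_str(), fstype.c_str(),
              MS_RDONLY | MS_NOATIME, nullptr) != 0) {
        return Scratch::kError;
    }

    // Step 2: not a scratch partition. Detach and leave it untouched.
    if (!has_overlay_dir(mnt)) {
        umount2(mnt.c_str(), MNT_DETACH);
        return Scratch::kNotCandidate;
    }

    // Step 3: true candidate. Remounting without MS_RDONLY makes it writable.
    if (mount(dev.c_str(), mnt.c_str(), fstype.c_str(),
              MS_REMOUNT | MS_NOATIME, nullptr) != 0) {
        umount2(mnt.c_str(), MNT_DETACH);
        return Scratch::kError;
    }
    return Scratch::kMountedWritable;
}
```

With this ordering, a write request against the block device is issued only in step 3, which a partition without `/overlay` never reaches.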