author David Anderson <dvander@google.com> 2020-12-08 00:21:20 -0800
committer David Anderson <dvander@google.com> 2021-01-08 16:39:51 -0800
commit 491e4da3720b24d7db4536733fac3604ba3f67dc
tree 83391c258637acb3665fbd9dcf71be5360554778 /trusty/coverage/coverage.cpp
parent 5266e041ef19acadb6d90f43892fe39ab8336251
init: Add an selinux transition for snapuserd.
With compressed VAB updates, it is not possible to mount /system without first running snapuserd, which is the userspace component to the dm-user kernel module. This poses a problem because as soon as selinux enforcement is enabled, snapuserd (running in a kernel context) does not have access to read and decompress the underlying system partition.

To account for this, we split SelinuxInitialize into multiple steps:

First, sepolicy is read into an in-memory string.

Second, the device-mapper tables for all snapshots are rebuilt. This flushes any pending reads and creates new dm-user devices. The original kernel-privileged snapuserd is then killed.

Third, sepolicy is loaded from the in-memory string.

Fourth, we re-launch snapuserd and connect it to the newly created dm-user devices. As part of this step we restorecon device-mapper devices and /dev/block/by-name/super, since the new snapuserd is in a limited context.

Finally, we set enforcing mode.

This sequence ensures that snapuserd has appropriate privileges with a minimal number of permissive audits.

Bug: 173476209
Test: full OTA with VABC applies and boots
Change-Id: Ie4e0f5166b01c31a6f337afc26fc58b96217604e
Diffstat (limited to 'trusty/coverage/coverage.cpp')
0 files changed, 0 insertions, 0 deletions