Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_core / ec6e99816272712ccfb29375446b13654f3a7fe8
commitec6e99816272712ccfb29375446b13654f3a7fe8[log] [tgz]
authorMarcin Radomski <dextero@google.com>Tue Mar 11 19:06:33 2025 +0000
committerMarcin Radomski <dextero@google.com>Tue Mar 11 19:11:56 2025 +0000
treec14c561518a731c3c632b94c8a1cbac8f73645bd
parent1ca87c72053347af7322a0d1228073a3f0938498 [diff]
init: fix SELinux denials on remounting from new netns

Never mount /sys/kernel/debug/tracing. This is the *one* mount that is
special within Linux kernel: for backward compatibility tracefs gets
auto-mounted there whenever one mounts debugfs [1].

The auto-mounting logic used to be guarded by an Android-specific kernel
config flag in some older Android kernels 5.10 [2], but that patch was
not cherry picked into newer kernels, so the automounting happens
whether we want it or not.

Attempting to mount the filesystem here will cause SELinux denials,
because unlike *all other* filesystems in Android, it's not init who
mounted it so there's no policy that would allow it.

This caused test failures in CI on
aosp_cf_x86_64_auto-trunk_staging-userdebug [3].

[1] https://lore.kernel.org/lkml/20150204143755.694479564@goodmis.org/
[2] https://android-review.googlesource.com/c/kernel/common/+/1664712
[3] https://android-build.corp.google.com/test_investigate/invocation/I06400010375485931/test/TR91729660607423480/

Bug: 399071958
Test: abtd run of aosp_cf_x86_64_auto-trunk
Change-Id: I6692d2b11d26fdcc8ed6411776a955a6d97d9e29
1 file changed
tree: c14c561518a731c3c632b94c8a1cbac8f73645bd
  1. bootstat/
  2. cli-test/
  3. code_coverage/
  4. debuggerd/
  5. diagnose_usb/
  6. fastboot/
  7. fs_mgr/
  8. gatekeeperd/
  9. healthd/
  10. include/
  11. init/
  12. janitors/
  13. libappfuse/
  14. libasyncio/
  15. libcrypto_utils/
  16. libcutils/
  17. libgrallocusage/
  18. libkeyutils/
  19. libmodprobe/
  20. libnetutils/
  21. libpackagelistparser/
  22. libprocessgroup/
  23. libsparse/
  24. libstats/
  25. libsuspend/
  26. libsync/
  27. libsystem/
  28. libsysutils/
  29. libusbhost/
  30. libutils/
  31. libvendorsupport/
  32. libvndksupport/
  33. llkd/
  34. mini_keyctl/
  35. mkbootfs/
  36. overlay_remounter/
  37. property_service/
  38. reboot/
  39. rootdir/
  40. run-as/
  41. sdcard/
  42. shell_and_utilities/
  43. storaged/
  44. toolbox/
  45. trusty/
  46. usbd/
  47. watchdogd/
  48. .clang-format.clang-format-4
  49. .clang-format-2 ⇨ ../../build/soong/scripts/system-clang-format-2
  50. .clang-format-4 ⇨ ../../build/soong/scripts/system-clang-format
  51. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  52. .gitignore
  53. Android.bp
  54. CleanSpec.mk
  55. MODULE_LICENSE_APACHE2
  56. OWNERS
  57. PREUPLOAD.cfg