Merge "Add remount.te to allow adb remount-related operations" am: 635f273be5 am: a60b99fef5 am: ebcd21ec37 am: 65fa67a250 am: 37f868f131

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1878144

Change-Id: I60d58659686097d6bc178e781377590b5e6587b6
diff --git a/private/file_contexts b/private/file_contexts
index 3049bc6..e7045e0 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -277,6 +277,7 @@
 /system/bin/recovery-refresh     u:object_r:recovery_refresh_exec:s0
 /system/bin/sdcard      u:object_r:sdcardd_exec:s0
 /system/bin/snapshotctl      u:object_r:snapshotctl_exec:s0
+/system/bin/remount              u:object_r:remount_exec:s0
 /system/bin/dhcpcd      u:object_r:dhcp_exec:s0
 /system/bin/dhcpcd-6\.8\.2	u:object_r:dhcp_exec:s0
 /system/bin/mtpd	u:object_r:mtp_exec:s0
diff --git a/private/remount.te b/private/remount.te
new file mode 100644
index 0000000..4dd94a5
--- /dev/null
+++ b/private/remount.te
@@ -0,0 +1,15 @@
+type remount, domain, coredomain;
+type remount_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+  # Allow init to run clean_scratch_files and do auto domain transfer.
+  init_daemon_domain(remount)
+
+  # Allow talking to gsid.
+  binder_use(remount)
+  allow remount gsi_service:service_manager find;
+  binder_call(remount, gsid)
+
+  # Allow searching for /metadata/gsi/remount/lp_metadata.
+  allow remount { metadata_file gsi_metadata_file_type }:dir search;
+')
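Review bot: The comment above `init_daemon_domain(remount)` names clean_scratch_files, which is not the domain this file defines, so it reads as copied from another policy file; `# Allow init to run remount and do auto domain transfer.` would match the rule. The two `type` declarations at the top sit outside `userdebug_or_eng`, and the `file_contexts` entry is unconditional, so `remount_exec` is labelled on every build while all allow rules exist only on debuggable builds. A one-line comment above the declarations saying this split is intended would help the next reviewer. The rules shown only set up a transition from init, so whether an adb-initiated invocation actually runs in this domain depends on policy outside this diff and is worth confirming.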