Merge "overlayfs: Rules for mounting overlays from second stage init"

commit: 3419d11207c296a2aefe22f909d0d0fa82b96d2c [log] [tgz]
author: Yi-yo Chiang <yochiang@google.com> Wed Dec 14 07:18:06 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Dec 14 07:18:06 2022 +0000
tree: ee6827666c17493fa9e31540abff73b67888d830
parent: bdd2fe9a2638484f1ef4da5ca069cf89b7a436c8 [diff]
parent: d59c75884de0403cf4710389fa26c87d9a1d1d42 [diff]
diff --git a/public/init.te b/public/init.te
index fa51ef5..a399b3a 100644
--- a/public/init.te
+++ b/public/init.te

@@ -379,7 +379,8 @@
 userdebug_or_eng(`
   # Overlayfs workdir write access check during mount to permit remount,rw
   allow init overlayfs_file:dir { relabelfrom mounton write };
-  allow init overlayfs_file:file { append };
+  allow init overlayfs_file:file { append rename };
+  allow init overlayfs_file:chr_file unlink;
   allow init system_block_device:blk_file { write };
 ')
commit	3419d11207c296a2aefe22f909d0d0fa82b96d2c	[log] [tgz]
author	Yi-yo Chiang <yochiang@google.com>	Wed Dec 14 07:18:06 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Dec 14 07:18:06 2022 +0000
tree	ee6827666c17493fa9e31540abff73b67888d830
parent	bdd2fe9a2638484f1ef4da5ca069cf89b7a436c8 [diff]
parent	d59c75884de0403cf4710389fa26c87d9a1d1d42 [diff]