| Yi-Yo Chiang | 8638a44 | 2021-11-02 22:08:00 +0800 | [diff] [blame] | 1 | type remount, domain, coredomain; |
| 2 | type remount_exec, system_file_type, exec_type, file_type; |
| 3 | |
| 4 | userdebug_or_eng(` |
| 5 | # Allow init to run clean_scratch_files and do auto domain transfer. |
| 6 | init_daemon_domain(remount) |
| 7 | |
| 8 | # Allow talking to gsid. |
| 9 | binder_use(remount) |
| 10 | allow remount gsi_service:service_manager find; |
| 11 | binder_call(remount, gsid) |
| 12 | |
| 13 | # Allow searching for /metadata/gsi/remount/lp_metadata. |
| 14 | allow remount { metadata_file gsi_metadata_file_type }:dir search; |
| David Anderson | 17fbd9c | 2023-12-12 22:16:03 -0800 | [diff] [blame^] | 15 | |
| 16 | # Allow remount to flip the overlayfs bit in the super partition. |
| 17 | # This requires being able to read fstab, find /dev/block/by-name/super, |
| 18 | # and read-write super. |
| 19 | r_dir_file(remount, sysfs_dt_firmware_android) |
| 20 | allow remount proc_bootconfig:file r_file_perms; |
| 21 | allow remount proc_cmdline:file r_file_perms; |
| 22 | allow remount block_device:dir r_dir_perms; |
| 23 | allow remount super_block_device_type:blk_file rw_file_perms; |
| 24 | allowxperm remount super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF }; |
| Yi-Yo Chiang | 8638a44 | 2021-11-02 22:08:00 +0800 | [diff] [blame] | 25 | ') |