| Paul Lawrence | 840b607 | 2025-01-28 07:41:05 -0800 | [diff] [blame^] | 1 | # Domain used for overlay_remounter process |
| 2 | |
| 3 | # All types must be defined regardless of build variant to ensure |
| 4 | # policy compilation succeeds with userdebug/user combination at boot |
| 5 | type overlay_remounter, domain, coredomain; |
| 6 | |
| 7 | # File types must be defined for file_contexts. |
| 8 | type overlay_remounter_exec, system_file_type, exec_type, file_type; |
| 9 | |
| 10 | userdebug_or_eng(` |
| 11 | domain_auto_trans(overlay_remounter, init_exec, init) |
| 12 | |
| 13 | allow overlay_remounter init:process share; |
| 14 | allow overlay_remounter init:process2 nosuid_transition; |
| 15 | allow overlay_remounter kernel:fd use; |
| 16 | allow overlay_remounter tmpfs:chr_file { open read write }; |
| 17 | allow overlay_remounter labeledfs:filesystem { mount unmount }; |
| 18 | allow overlay_remounter overlayfs_file:chr_file { unlink create link rename }; |
| 19 | allow overlay_remounter overlayfs_file:dir create_dir_perms; |
| 20 | allow overlay_remounter overlayfs_file:file { create open rename unlink write }; |
| 21 | allow overlay_remounter self:capability { chown fowner sys_admin dac_override dac_read_search }; |
| 22 | allow overlay_remounter unlabeled:dir { rmdir search }; |
| 23 | use_bootstrap_libs(overlay_remounter) |
| 24 | |
| 25 | # overlay_remounter must be able to perform all possible operations |
| 26 | # on the overlaid partitions |
| 27 | allow overlay_remounter { |
| 28 | system_dlkm_file_type |
| 29 | vendor_file_type |
| 30 | system_file_type |
| 31 | adb_keys_file |
| 32 | }:{ file } ~{ entrypoint }; |
| 33 | |
| 34 | allow overlay_remounter { |
| 35 | system_dlkm_file_type |
| 36 | vendor_file_type |
| 37 | system_file_type |
| 38 | adb_keys_file |
| 39 | }:{ dir lnk_file } *; |
| 40 | ') |