Fix overlayfs avc denied

avc: denied { rename } for comm="init" name="#b" dev="dm-6" ino=52 scontext=u:r:init:s0 tcontext=u:object_r:overlayfs_file:s0 tclass=file permissive=1 avc: denied { unlink } for comm="init" name="#b" dev="dm-6" ino=53 scontext=u:r:init:s0 tcontext=u:object_r:overlayfs_file:s0 tclass=chr_file permissive=1 Bug: 192617244 Test: boot & adb remount Signed-off-by: Randall Huang <huangrandall@google.com> Change-Id: I740ff317520439034d2bf6e0659b1418bf6dac5c
2021-07-06 18:19:04 +08:00
parent 46dfc784f5
commit d328008234
2 changed files with 5 additions and 2 deletions
--- a/tracking_denials/init.te
+++ b/tracking_denials/init.te
@@ -1,2 +0,0 @@
-# b/192617244
-dontaudit init overlayfs_file:file rename;
--- a/whitechapel/vendor/google/init.te
+++ b/whitechapel/vendor/google/init.te
@@ -18,3 +18,8 @@ allow init ram_device:blk_file w_file_perms;
 allow init per_boot_file:file ioctl;
 allowxperm init per_boot_file:file ioctl { F2FS_IOC_SET_PIN_FILE };
 allow init sysfs_scsi_devices_0000:file w_file_perms;
+
+userdebug_or_eng(`
+  allow init overlayfs_file:file { rename };
+  allow init overlayfs_file:chr_file { unlink };
+')