From d328008234dcbf2768975b3cf88e2a51abe524da Mon Sep 17 00:00:00 2001
From: Randall Huang
Date: Tue, 6 Jul 2021 18:19:04 +0800
Subject: [PATCH] Fix overlayfs avc denied

avc: denied { rename } for comm="init" name="#b" dev="dm-6" ino=52 scontext=u:r:init:s0 tcontext=u:object_r:overlayfs_file:s0 tclass=file permissive=1
avc: denied { unlink } for comm="init" name="#b" dev="dm-6" ino=53 scontext=u:r:init:s0 tcontext=u:object_r:overlayfs_file:s0 tclass=chr_file permissive=1
Bug: 192617244
Test: boot & adb remount
Signed-off-by: Randall Huang
Change-Id: I740ff317520439034d2bf6e0659b1418bf6dac5c
---
 tracking_denials/init.te | 2 --
 whitechapel/vendor/google/init.te | 5 +++++
 2 files changed, 5 insertions(+), 2 deletions(-)
 delete mode 100644 tracking_denials/init.te

diff --git a/tracking_denials/init.te b/tracking_denials/init.te
deleted file mode 100644
index 6e62968e..00000000
--- a/tracking_denials/init.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/192617244
-dontaudit init overlayfs_file:file rename;
diff --git a/whitechapel/vendor/google/init.te b/whitechapel/vendor/google/init.te
index 5d6a6810..e98d414f 100644
--- a/whitechapel/vendor/google/init.te
+++ b/whitechapel/vendor/google/init.te
@@ -18,3 +18,8 @@ allow init ram_device:blk_file w_file_perms;
 allow init per_boot_file:file ioctl;
 allowxperm init per_boot_file:file ioctl { F2FS_IOC_SET_PIN_FILE };
 allow init sysfs_scsi_devices_0000:file w_file_perms;
+
+userdebug_or_eng(`
+ allow init overlayfs_file:file { rename };
+ allow init overlayfs_file:chr_file { unlink };
+')
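Review bot: The two new allow rules inside `userdebug_or_eng` carry no comment saying why init needs rename/unlink on `overlayfs_file`, and the `# b/192617244` reference disappears with the deleted tracking_denials/init.te. A line such as `# b/192617244: init cleans up overlayfs entries after adb remount (userdebug/eng only)` above the macro would keep that context for the next policy audit; the adb remount link is inferred from the Test: line, so adjust the wording if the trigger is different. As a style point, the other single-permission rules visible in this hunk are written without braces (`allow init per_boot_file:file ioctl;`), so `allow init overlayfs_file:file rename;` and `allow init overlayfs_file:chr_file unlink;` would match them.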