Sepolicy: Allow otapreopt to mount logical partitions
Logical partitions are handled through libdm. Allow access to device-mapper. Bug: 128867786 Test: m Change-Id: I6979487b91d24b7309c876f2bdc26a827e2fcd1e
This commit is contained in:
parent
c848dee19c
commit
1a5db599ce
@ -11,6 +11,9 @@ allow otapreopt_chroot self:global_capability_class_set { sys_admin sys_chroot }
|
||||
# APEX packages in /postinstall/apex.
|
||||
allow otapreopt_chroot block_device:dir search;
|
||||
allow otapreopt_chroot labeledfs:filesystem { mount unmount };
|
||||
# This is required for dynamic partitions.
|
||||
allow otapreopt_chroot dm_device:chr_file rw_file_perms;
|
||||
|
||||
# This is required to unmount flattened APEX packages under
|
||||
# /postinstall/system/apex (which are bind-mounted in /postinstall/apex).
|
||||
allow otapreopt_chroot postinstall_file:filesystem unmount;
|
||||
|
Loading…
Reference in New Issue
Block a user