Allow oatpreopt_chroot
to deactivate APEX packages in /postinstall/apex
.
Allow `otapreopt_chroot` to: - unmount APEX packages (ext4 images) mounted in `/postinstall/apex`; - access `/dev/block`. Deactivating APEX packages (unmounting them from `/postinstall/apex` and detaching the corresponding loop devices) is part of the tear-down phase run at the end of `oatpreopt_chroot`. Test: A/B OTA update test (asit/dexoptota/self_full). Bug: 113373927 Bug: 120796514 Change-Id: Ida07d2ceda31c7296228d973b26ff642f6533274
This commit is contained in:
parent
ab9c053078
commit
7094d4f505
@ -27,3 +27,8 @@ allow otapreopt_chroot tmpfs:filesystem mount;
|
||||
allow otapreopt_chroot tmpfs:dir create_dir_perms;
|
||||
# Allow otapreopt_chroot to mount APEX packages in /postinstall/apex.
|
||||
allow otapreopt_chroot tmpfs:dir mounton;
|
||||
|
||||
# Allow otapreopt_chroot to unmount APEX packages (ext4 images) mounted in /postinstall/apex.
|
||||
allow otapreopt_chroot labeledfs:filesystem unmount;
|
||||
# Allow otapreopt_chroot to access /dev/block.
|
||||
allow otapreopt_chroot block_device:dir r_dir_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user