23ba976f34
In order to remount ext4 userdata into checkpointing mode, init will need to delete all devices from dm-stack it is mounted onto (e.g. dm-bow, dm-crypto). For that it needs to get name of a dm-device by reading /sys/block/dm-XX/dm/name file. Test: adb shell setprop sys.init.userdata_remount.force_umount_f2fs 1 Test: adb shell /system/bin/vdc checkpoint startCheckpoint 1 Test: adb reboot userspace Test: adb shell dumpsys activity Bug: 135984674 Bug: 143970043 Change-Id: I919a4afdce8a4f88322f636fdf796a2f1a955d04
47 lines
1.7 KiB
Plaintext
47 lines
1.7 KiB
Plaintext
typeattribute init coredomain;
|
|
|
|
tmpfs_domain(init)
|
|
|
|
# Transitions to seclabel processes in init.rc
|
|
domain_trans(init, rootfs, healthd)
|
|
domain_trans(init, rootfs, slideshow)
|
|
domain_auto_trans(init, charger_exec, charger)
|
|
domain_auto_trans(init, e2fs_exec, e2fs)
|
|
domain_auto_trans(init, bpfloader_exec, bpfloader)
|
|
|
|
recovery_only(`
|
|
# Files in recovery image are labeled as rootfs.
|
|
domain_trans(init, rootfs, adbd)
|
|
domain_trans(init, rootfs, charger)
|
|
domain_trans(init, rootfs, fastbootd)
|
|
domain_trans(init, rootfs, recovery)
|
|
')
|
|
domain_trans(init, shell_exec, shell)
|
|
domain_trans(init, init_exec, ueventd)
|
|
domain_trans(init, init_exec, vendor_init)
|
|
domain_trans(init, { rootfs toolbox_exec }, modprobe)
|
|
userdebug_or_eng(`
|
|
# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
|
|
domain_auto_trans(init, logcat_exec, logpersist)
|
|
|
|
# allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng
|
|
allow init su:process transition;
|
|
dontaudit init su:process noatsecure;
|
|
allow init su:process { siginh rlimitinh };
|
|
')
|
|
|
|
# Allow init to figure out name of dm-device from it's /dev/block/dm-XX path.
|
|
# This is useful in case of remounting ext4 userdata into checkpointing mode,
|
|
# since it potentially requires tearing down dm-devices (e.g. dm-bow, dm-crypto)
|
|
# that userdata is mounted onto.
|
|
allow init sysfs_dm:file read;
|
|
|
|
# Allow the BoringSSL self test to request a reboot upon failure
|
|
set_prop(init, powerctl_prop)
|
|
|
|
# Only init is allowed to set userspace reboot related properties.
|
|
set_prop(init, userspace_reboot_prop)
|
|
set_prop(init, userspace_reboot_exported_prop)
|
|
neverallow { domain -init } userspace_reboot_prop:property_service set;
|
|
neverallow { domain -init } userspace_reboot_exported_prop:property_service set;
|