Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit 3be2c7a1 authored by Yifan Hong's avatar Yifan Hong
Browse files

fs_mgr: overlayfs_mount_scratch don't write to system_other 

This change removes this denial:
avc: denied { write } for comm="init" name="sda6" dev="tmpfs" \
    ino=25715 scontext=u:r:init:s0 tcontext=u:object_r:system_block_device:s0 \
    tclass=blk_file permissive=0

The reason is that during any mount_all in init,
fs_mgr_overlayfs_mount_all() will mount a list of candidates for
scratch, which includes system_other. However, in order to probe
if /overlay directory exist in the partition, it only needs read
access to the block device, and mount the partition as readonly.
If the block device is a true candidate (i.e. it does have /overlay),
re-mount it as writable.

Test: flash, wipe, boot, denial goes away, cppreopt is successful
Test: boot the second time, no denials (no cppreopt this time)

Fixes: 122454600

Change-Id: I465b363eac755d79711e4f82955cd98450527122
parent e7bb1b3e
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment