Loading init/Android.bp +8 −2 Original line number Diff line number Diff line Loading @@ -255,7 +255,10 @@ cc_library_static { cc_library_static { name: "libinit.microdroid", defaults: ["libinit_defaults"], defaults: [ "avf_build_flags_cc", "libinit_defaults", ], cflags: ["-DMICRODROID=1"], } Loading Loading @@ -315,7 +318,10 @@ cc_binary { cc_binary { name: "init_second_stage.microdroid", defaults: ["init_second_stage_defaults"], defaults: [ "avf_build_flags_cc", "init_second_stage_defaults", ], static_libs: ["libinit.microdroid"], cflags: ["-DMICRODROID=1"], installable: false, Loading init/selinux.cpp +10 −0 Original line number Diff line number Diff line Loading @@ -66,6 +66,7 @@ #include <android-base/result.h> #include <android-base/strings.h> #include <android-base/unique_fd.h> #include <android/avf_cc_flags.h> #include <fs_avb/fs_avb.h> #include <fs_mgr.h> #include <libgsi/libgsi.h> Loading Loading @@ -702,6 +703,15 @@ int SetupSelinux(char** argv) { SelinuxSetEnforcement(); if (IsMicrodroid() && android::virtualization::IsOpenDiceChangesFlagEnabled()) { // We run restorecon of /microdroid_resources while we are still in kernel context to avoid // granting init `tmpfs:file relabelfrom` capability. const int flags = SELINUX_ANDROID_RESTORECON_RECURSE; if (selinux_android_restorecon("/microdroid_resources", flags) == -1) { PLOG(FATAL) << "restorecon of /microdroid_resources failed"; } } // We're in the kernel domain and want to transition to the init domain. File systems that // store SELabels in their xattrs, such as ext4 do not need an explicit restorecon here, // but other file systems do. In particular, this is needed for ramdisks such as the Loading Loading
init/Android.bp +8 −2 Original line number Diff line number Diff line Loading @@ -255,7 +255,10 @@ cc_library_static { cc_library_static { name: "libinit.microdroid", defaults: ["libinit_defaults"], defaults: [ "avf_build_flags_cc", "libinit_defaults", ], cflags: ["-DMICRODROID=1"], } Loading Loading @@ -315,7 +318,10 @@ cc_binary { cc_binary { name: "init_second_stage.microdroid", defaults: ["init_second_stage_defaults"], defaults: [ "avf_build_flags_cc", "init_second_stage_defaults", ], static_libs: ["libinit.microdroid"], cflags: ["-DMICRODROID=1"], installable: false, Loading
init/selinux.cpp +10 −0 Original line number Diff line number Diff line Loading @@ -66,6 +66,7 @@ #include <android-base/result.h> #include <android-base/strings.h> #include <android-base/unique_fd.h> #include <android/avf_cc_flags.h> #include <fs_avb/fs_avb.h> #include <fs_mgr.h> #include <libgsi/libgsi.h> Loading Loading @@ -702,6 +703,15 @@ int SetupSelinux(char** argv) { SelinuxSetEnforcement(); if (IsMicrodroid() && android::virtualization::IsOpenDiceChangesFlagEnabled()) { // We run restorecon of /microdroid_resources while we are still in kernel context to avoid // granting init `tmpfs:file relabelfrom` capability. const int flags = SELINUX_ANDROID_RESTORECON_RECURSE; if (selinux_android_restorecon("/microdroid_resources", flags) == -1) { PLOG(FATAL) << "restorecon of /microdroid_resources failed"; } } // We're in the kernel domain and want to transition to the init domain. File systems that // store SELabels in their xattrs, such as ext4 do not need an explicit restorecon here, // but other file systems do. In particular, this is needed for ramdisks such as the Loading
