| author | David Anderson <dvander@google.com> | 2020-12-08 00:21:20 -0800 |
|---|---|---|
| committer | David Anderson <dvander@google.com> | 2021-01-08 16:39:51 -0800 |
| commit | 3595421f376bec7f417816877ab8c732257e1922 (patch) | |
| tree | 83391c258637acb3665fbd9dcf71be5360554778 /trusty/coverage/coverage.cpp | |
| parent | d311ef57337fe0ad0dbd617be1751e42f3ccd6d3 (diff) | |

init: Add an selinux transition for snapuserd.

With compressed VAB updates, it is not possible to mount /system without
first running snapuserd, which is the userspace component to the dm-user
kernel module. This poses a problem because as soon as selinux
enforcement is enabled, snapuserd (running in a kernel context) does not
have access to read and decompress the underlying system partition.

To account for this, we split SelinuxInitialize into multiple steps:

First, sepolicy is read into an in-memory string.

Second, the device-mapper tables for all snapshots are rebuilt. This
flushes any pending reads and creates new dm-user devices. The original
kernel-privileged snapuserd is then killed.

Third, sepolicy is loaded from the in-memory string.

Fourth, we re-launch snapuserd and connect it to the newly created
dm-user devices. As part of this step we restorecon device-mapper
devices and /dev/block/by-name/super, since the new snapuserd is in a
limited context.

Finally, we set enforcing mode.

This sequence ensures that snapuserd has appropriate privileges with a
minimal number of permissive audits.

Bug: 173476209
Test: full OTA with VABC applies and boots
Change-Id: Ie4e0f5166b01c31a6f337afc26fc58b96217604e

Diffstat (limited to 'trusty/coverage/coverage.cpp')
0 files changed, 0 insertions, 0 deletions
