# Domain used for overlay_remounter process
#
# Reviewer summary: only the two type declarations below are unconditional.
# Every allow rule in this file is wrapped in userdebug_or_eng, so the broad
# grants further down are meant to exist only in debuggable builds.
# NOTE(review): comments placed inside the quoted macro body must not contain
# quote characters, because m4 would end the quoted argument early.

# All types must be defined regardless of build variant to ensure
# policy compilation succeeds with userdebug/user combination at boot
type overlay_remounter, domain, coredomain;

# File types must be defined for file_contexts.
type overlay_remounter_exec, system_file_type, exec_type, file_type;

userdebug_or_eng(`
  # Executing a file labeled init_exec from this domain switches the
  # process to the init domain automatically.
  domain_auto_trans(overlay_remounter, init_exec, init)

  # Extra process permissions toward init that accompany the transition above.
  # NOTE(review): nosuid_transition permits the domain change even when the
  # exec would otherwise be treated as nosuid - confirm this is required.
  allow overlay_remounter init:process share;
  allow overlay_remounter init:process2 nosuid_transition;
  # Use file descriptors that belong to the kernel domain.
  allow overlay_remounter kernel:fd use;
  # Character devices labeled tmpfs.
  # NOTE(review): presumably early device nodes - confirm which ones.
  allow overlay_remounter tmpfs:chr_file { open read write };
  # Mount and unmount filesystems of type labeledfs.
  allow overlay_remounter labeledfs:filesystem { mount unmount };
  # Manage the overlayfs backing store: character devices, directories and
  # regular files labeled overlayfs_file.
  # NOTE(review): the chr_file rules presumably cover overlayfs whiteout
  # entries - confirm.
  allow overlay_remounter overlayfs_file:chr_file { unlink create link rename };
  allow overlay_remounter overlayfs_file:dir create_dir_perms;
  allow overlay_remounter overlayfs_file:file { create open rename unlink write };
  # Capabilities: sys_admin is the capability mount operations need, while
  # chown, fowner, dac_override and dac_read_search let the process bypass
  # ordinary ownership and permission-bit checks. This is a powerful set,
  # so it should stay confined to this build-variant block.
  allow overlay_remounter self:capability { chown fowner sys_admin dac_override dac_read_search };
  # Search and remove directories that carry no valid label.
  allow overlay_remounter unlabeled:dir { rmdir search };
  # NOTE(review): macro defined elsewhere - presumably grants access to the
  # bootstrap linker and libraries. Confirm against its definition.
  use_bootstrap_libs(overlay_remounter)

  # overlay_remounter must be able to perform all possible operations
  # on the overlaid partitions
  #
  # The complement set below grants every file permission except entrypoint,
  # so files of these types cannot serve as an entry point into this domain.
  # Everything else in the file class is included, write and execute among
  # them.
  # NOTE(review): overlay_remounter_exec carries system_file_type and is
  # therefore in this set - the entrypoint rule for this domain is not in
  # this file and must come from elsewhere. adb_keys_file is also in the
  # set, so this domain can modify files of that type - confirm intended.
  allow overlay_remounter {
    system_dlkm_file_type
    vendor_file_type
    system_file_type
    adb_keys_file
  }:{ file } ~{ entrypoint };

  # Character devices of the same types may only be unlinked.
  allow overlay_remounter {
    system_dlkm_file_type
    vendor_file_type
    system_file_type
    adb_keys_file
  }:chr_file unlink;

  # Directories and symlinks of the same types: every permission in both
  # classes is granted by the wildcard.
  allow overlay_remounter {
    system_dlkm_file_type
    vendor_file_type
    system_file_type
    adb_keys_file
  }:{ dir lnk_file } *;
')