Commit 24f3bcdb authored by Jeff Sharkey

Let Zygote unmount inherited storage devices.

For example, when launching into an isolated process, we need to drop
all mounts inherited from the root namespace.

avc: denied { unmount } for scontext=u:r:zygote:s0 tcontext=u:object_r:fuse:s0 tclass=filesystem permissive=1

Bug: 22192518
Change-Id: Iafbea2c365c1080bdf20d7fa066c304901e582ba
parent 6b75d099
...@@ -54,6 +54,7 @@ allow zygote sdcard_type:dir { write search setattr create add_name mounton }; # ...@@ -54,6 +54,7 @@ allow zygote sdcard_type:dir { write search setattr create add_name mounton }; #
dontaudit zygote self:capability fsetid; # TODO: deprecated in M dontaudit zygote self:capability fsetid; # TODO: deprecated in M
allow zygote tmpfs:dir { write create add_name setattr mounton search }; # TODO: deprecated in M allow zygote tmpfs:dir { write create add_name setattr mounton search }; # TODO: deprecated in M
allow zygote tmpfs:filesystem { mount unmount }; allow zygote tmpfs:filesystem { mount unmount };
allow zygote fuse:filesystem { unmount };
allow zygote labeledfs:filesystem remount; # TODO: deprecated in M allow zygote labeledfs:filesystem remount; # TODO: deprecated in M
# Allowed to create user-specific storage source if started before vold # Allowed to create user-specific storage source if started before vold
......
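Review bot: the added `allow zygote fuse:filesystem { unmount };` rule has no comment explaining why zygote needs it, while most of the neighbouring rules carry a trailing note; a short comment tying it to dropping inherited storage mounts for isolated processes, as the commit message describes, would help later audits of this policy. The grant applies to every filesystem labelled `fuse`, which is wider than the isolated-process case in the message, so the comment should state that scope explicitly. As a style point, a single permission does not need braces; the `labeledfs:filesystem remount` rule just below is written without them.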