Don't resolve permitted.paths
Linker resolves the paths in /system/etc/ld.config.txt to canonicalize the paths and to ensure they exist. However, as permitted paths for the default namespace contain directories such as /vendor/app, /mnt/expand, and etc., the resolving causes selinux denial on some processes which do not have access to some of the permitted paths. In order to silence the bogus selinux denial, resolution is skipped for permitted paths. Note that the resolution is not strictly required especially for Treble-ized devices where permitted paths are already canonicalized (i.e /vendor isn't a symlink to /system/vendor). Bug: 65843095 Test: no selinux denial on /vendor/app, /vendor/framework, etc. while booting. Merged-In: I1a9921e45f4c15b08cdf8f1caee64c4cb0761e1f Change-Id: I1a9921e45f4c15b08cdf8f1caee64c4cb0761e1f (cherry picked from commit 527757e1)
Loading
Please sign in to comment