Commit 527757e1 authored by Jiyong Park's avatar Jiyong Park
Browse files

Don't resolve permitted.paths

Linker resolves the paths in /system/etc/ld.config.txt to canonicalize
the paths and to ensure they exist. However, as permitted paths for the
default namespace contain directories such as /vendor/app, /mnt/expand,
and etc., the resolving causes selinux denial on some processes which do
not have access to some of the permitted paths.

In order to silence the bogus selinux denial, resolution is skipped for
permitted paths.

Note that the resolution is not strictly required especially for
Treble-ized devices where permitted paths are already canonicalized (i.e
/vendor isn't a symlink to /system/vendor).

Bug: 65843095
Test: no selinux denial on /vendor/app, /vendor/framework, etc. while
booting.

Change-Id: I1a9921e45f4c15b08cdf8f1caee64c4cb0761e1f
parent 49945521
Loading
Loading
Loading
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment