custota-selinux: Add SELinux for sdcardfs

Devices that launched with Android <11 use the kernel-based sdcardfs instead of the userspace FUSE daemon. Fixes: #83 Signed-off-by: Andrew Gunnerson <accounts+github@chiller3.com>
chenxiaolong · Sep 22, 2024 · 4ac7ee8 · 4ac7ee8
1 parent 66886af
commit 4ac7ee8
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/custota-selinux/src/main.rs b/custota-selinux/src/main.rs
@@ -277,8 +277,14 @@ pub fn main() -> Result<()> {
 
     // allow update_engine fuse:file getattr;
     // allow update_engine fuse:file read;
-    for perm in [p_file_getattr, p_file_read] {
-        pdb.set_rule(t_update_engine, t_fuse, c_file, perm, RuleAction::Allow);
+    let mut internal_storage_types = vec![t_fuse];
+    if let Some(target) = pdb.get_type_id("sdcardfs") {
+        internal_storage_types.push(target);
+    }
+    for target in internal_storage_types {
+        for perm in [p_file_getattr, p_file_read] {
+            pdb.set_rule(t_update_engine, target, c_file, perm, RuleAction::Allow);
+        }
     }
 
     if cli.strip_no_audit {