Created
January 20, 2023 21:53
-
-
Save fredldotme/4743ce259a62627fbad5bc10c94eb20f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| *** snapd-2.57.5+20.04ubuntu0.1/cmd/snap-confine/mount-support.c Mon Nov 28 04:54:57 2022 | |
| --- snapd.patched/cmd/snap-confine/mount-support.c Tue Dec 13 20:50:41 2022 | |
| *************** | |
| *** 585,590 **** | |
| --- 585,599 ---- | |
| // and it has a large duplicated view of many mount points. Note that this | |
| // is only applicable to ubuntu-core systems. | |
| sc_detach_views_of_writable(config->distro, config->normal_mode); | |
| + | |
| + // On Android-based hybris/Halium devices the driver stack is | |
| + // nowadays located in specific partitions for vendors or odms. | |
| + sc_must_snprintf(src, sizeof src, "%s/system", SC_HOSTFS_DIR); | |
| + sc_do_umount(src, UMOUNT_NOFOLLOW | MNT_DETACH); | |
| + sc_must_snprintf(src, sizeof src, "%s/vendor", SC_HOSTFS_DIR); | |
| + sc_do_umount(src, UMOUNT_NOFOLLOW | MNT_DETACH); | |
| + sc_must_snprintf(src, sizeof src, "%s/odm", SC_HOSTFS_DIR); | |
| + sc_do_umount(src, UMOUNT_NOFOLLOW | MNT_DETACH); | |
| } | |
| static void sc_detach_views_of_writable(sc_distro distro, bool normal_mode) | |
| *************** | |
| *** 699,704 **** | |
| --- 708,716 ---- | |
| {"/run"}, // to get /run with sockets and what not | |
| {"/lib/modules",.is_optional = true}, // access to the modules of the running kernel | |
| {"/lib/firmware",.is_optional = true}, // access to the firmware of the running kernel | |
| + {"/system",.is_optional = true}, // access to the hybris/Halium drivers | |
| + {"/vendor",.is_optional = true}, // access to the hybris/Halium drivers | |
| + {"/odm",.is_optional = true}, // access to the hybris/Halium drivers | |
| {"/usr/src"}, // FIXME: move to SecurityMounts in system-trace interface | |
| {"/var/log"}, // FIXME: move to SecurityMounts in log-observe interface | |
| #ifdef MERGED_USR | |
| *** snapd-2.57.5+20.04ubuntu0.1/cmd/snap-confine/snap-confine.apparmor.in Mon Nov 28 04:54:57 2022 | |
| --- snapd.patched/cmd/snap-confine/snap-confine.apparmor.in Tue Dec 13 20:14:58 2022 | |
| *************** | |
| *** 235,241 **** | |
| mount options=(rw rbind) /usr/src/ -> /tmp/snap.rootfs_*/usr/src/, | |
| mount options=(rw rslave) -> /tmp/snap.rootfs_*/usr/src/, | |
| ! mount options=(rw rbind) /mnt/ -> /tmp/snap.rootfs_*/mnt/, | |
| mount options=(rw rslave) -> /tmp/snap.rootfs_*/mnt/, | |
| # allow making host snap-exec available inside base snaps | |
| --- 235,241 ---- | |
| mount options=(rw rbind) /usr/src/ -> /tmp/snap.rootfs_*/usr/src/, | |
| mount options=(rw rslave) -> /tmp/snap.rootfs_*/usr/src/, | |
| ! mount options=(rw rbind) /{android/,}mnt/ -> /tmp/snap.rootfs_*/mnt/, | |
| mount options=(rw rslave) -> /tmp/snap.rootfs_*/mnt/, | |
| # allow making host snap-exec available inside base snaps | |
| *** snapd-2.57.5+20.04ubuntu0.1/interfaces/builtin/opengl.go Mon Oct 17 16:25:18 2022 | |
| --- snapd.patched/interfaces/builtin/opengl.go Tue Dec 13 20:09:33 2022 | |
| *************** | |
| *** 67,72 **** | |
| --- 67,73 ---- | |
| /var/lib/snapd/lib/glvnd/** r, | |
| /var/lib/snapd/hostfs/usr/share/glvnd/egl_vendor.d/ r, | |
| /var/lib/snapd/hostfs/usr/share/glvnd/egl_vendor.d/*nvidia*.json r, | |
| + /var/lib/snapd/hostfs/usr/share/glvnd/egl_vendor.d/*hybris*.json r, | |
| # Support Nvidia EGL external platform | |
| /var/lib/snapd/hostfs/usr/share/egl/egl_external_platform.d/ r, | |
| *************** | |
| *** 165,170 **** | |
| --- 166,190 ---- | |
| # From https://bugs.launchpad.net/snapd/+bug/1862832 | |
| /run/nvidia-xdriver-* rw, | |
| unix (send, receive) type=dgram peer=(addr="@var/run/nvidia-xdriver-*"), | |
| + | |
| + # Hybris support | |
| + /{,var/}run/shm/hybris_shm_data rw, # FIXME: LP: #1226569 (make app-specific) | |
| + /usr/lib/@{multiarch}/libhybris/**.so mr, | |
| + /{,android/}system/build.prop r, | |
| + /{,android/}vendor/lib{,64}/** r, | |
| + /{,android/}vendor/lib{,64}/**.so m, | |
| + /{,android/}system/lib{,64}/** r, | |
| + /{,android/}system/lib{,64}/**.so m, | |
| + /{,android/}system/vendor/lib{,64}/** r, | |
| + /{,android/}system/vendor/lib{,64}/**.so m, | |
| + /{,android/}odm/lib{,64}/** r, | |
| + /{,android/}odm/lib{,64}/**.so m, | |
| + /{,android/}apex/com.android.runtime/lib{,64}/** r, | |
| + /{,android/}apex/com.android.runtime/lib{,64}/**.so m, | |
| + /{,dev/}socket/property_service rw, # attach_disconnected path | |
| + /dev/{,binderfs/}binder rw, | |
| + /dev/{,binderfs/}hwbinder rw, | |
| + /dev/ashmem rw, | |
| ` | |
| // Some nvidia modules don't use sysfs (therefore they can't be udev tagged) and |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment