AimeeOS/aimee-os
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add factory reset feature

Browse Source 
The `factory-reset` command provides a way to completely wipe the data
partition, thus erasing any local configuration and state.  The command
itself simply enables a special systemd service unit that is activated
during the shutdown process.  This unit runs a script, after all
filesystems, except rootfs, have been unmmounted.  It then erases the
signature of the filesystem on the data partition, so it will appear
blank the next time the system boots.  This will trigger the
`init-storage` process, to create a new filesystem on the partition.
This commit is contained in:
Dustin
2023-03-12 10:19:37 -05:00
parent 2ebb26529a
commit 274c592f5d
5 changed files with 73 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
portage/repos/aimee-os/sec-policy/selinux-aimee-os/files/aimee-os.fc
View File

@@ -1,5 +1,6 @@
/usr/libexec/init-storage -- gen_context(system_u:object_r:aimee_storinit_exec_t,s0)
/usr/bin/system-update -- gen_context(system_u:object_r:aimee_sysupdate_exec_t,s0)
/usr/libexec/factory-reset -- gen_context(system_u:object_r:aimee_factory_reset_exec_t,s0)
/usr/libexec/init-storage -- gen_context(system_u:object_r:aimee_storinit_exec_t,s0)
/var/run/storinit(/.*)? gen_context(system_u:object_r:aimee_storinit_runtime_t,s0)

18
portage/repos/aimee-os/sec-policy/selinux-aimee-os/files/aimee-os.te
View File

@@ -19,6 +19,10 @@ userdom_user_application_domain(aimee_sysupdate_t, aimee_sysupdate_exec_t)
type aimee_sysupdate_tmp_t;
files_tmp_file(aimee_sysupdate_tmp_t)
type aimee_factory_reset_t;
type aimee_factory_reset_exec_t;
init_daemon_domain(aimee_factory_reset_t, aimee_factory_reset_exec_t)
########################################
#
# init-storage local policy
@@ -140,6 +144,20 @@ gen_require(`
')
aimee_os_run_system_update(sysadm_t, sysadm_r)
# factory-reset local policy
#
allow aimee_factory_reset_t self:capability { sys_admin };
allow aimee_factory_reset_t self:fifo_file rw_fifo_file_perms;
corecmd_exec_bin(aimee_factory_reset_t)
dev_read_sysfs(aimee_factory_reset_t)
kernel_read_system_state(aimee_factory_reset_t)
fstools_exec(aimee_factory_reset_t)
fstools_manage_runtime_files(aimee_factory_reset_t)
miscfiles_read_localization(aimee_factory_reset_t)
storage_raw_rw_fixed_disk(aimee_factory_reset_t)
########################################
#
# Additional policy rules for Aimee OS-specific behavior