authorMichael Bestas <mikeioannina@gmail.com>2024-06-14 04:33:58 +0300
committerGeorge Zacharia <george.zcharia@gmail.com>2024-07-04 16:44:25 +0530
commit27faf580817f6826f4a94634b79e131e91270b88 (patch)
tree33034182f8a97b51881d0669d5a8342b596392b4
parent92ad6071f03e18200ab46527803ad46fdfd97871 (diff)
Resolve neverallow in retrofit devicesu14.0
Commit Ia78d4b0ea942a139c8a4070dc63a0eed218e3e18 added the following rule for debuggable builds: allow remount super_block_device_type:blk_file rw_file_perms; That causes a neverallow on retrofit devices that define this: typeattribute system_block_device super_block_device_type; Test: m; observe no neverallow in userdebug build Change-Id: I7cfe160542b2e9b290bc1d6470c6286b5ca21e1f
-rw-r--r--private/remount.te1
-rw-r--r--public/domain.te1
-rw-r--r--public/remount.te1
3 files changed, 2 insertions, 1 deletions
diff --git a/private/remount.te b/private/remount.te
index 5ef7facb5..2964605a0 100644
--- a/private/remount.te
+++ b/private/remount.te
@@ -1,4 +1,3 @@
-type remount, domain, coredomain;
type remount_exec, system_file_type, exec_type, file_type;
userdebug_or_eng(`
diff --git a/public/domain.te b/public/domain.te
index 2a53b4e6d..7aedfaaf2 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -618,6 +618,7 @@ neverallow {
userdebug_or_eng(`-fsck')
userdebug_or_eng(`-init')
-recovery
+ userdebug_or_eng(`-remount')
-update_engine
} system_block_device:blk_file { write append };
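Review bot: The added -remount entry in this neverallow exception list has no comment, so a later audit of who may write system_block_device cannot tell why remount is exempt or that the exemption exists only for retrofit devices. I would put a line above it such as `# remount (debuggable builds only): on retrofit devices system_block_device is also a super_block_device_type, which remount is allowed to write`. The exemption is wrapped in userdebug_or_eng, so user builds should keep the full neverallow, but it does apply to every debuggable target rather than only retrofit ones. It is worth confirming that the matching allow rule in private/remount.te sits inside the userdebug_or_eng block that opens at the end of the first hunk, since that block's body is not visible here. The neverallow statement itself starts above this hunk.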
diff --git a/public/remount.te b/public/remount.te
new file mode 100644
index 000000000..c4724c950
--- /dev/null
+++ b/public/remount.te
@@ -0,0 +1 @@
+type remount, domain, coredomain;