From 30a315700343ef606c480e015171d98a6cb3dd90 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Tue, 16 Jan 2018 14:48:53 -0800
Subject: [PATCH] Mark shell as system_executes_vendor_violators.

Bug: 62041836
Test: sailfish sepolicy builds

Change-Id: Iad865fea852ab134dd848688e8870bc71f99788d
---
 public/shell.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/public/shell.te b/public/shell.te
index 496d4720f..719036cc9 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -186,6 +186,8 @@ allow shell service_contexts_file:file r_file_perms;
 allow shell sepolicy_file:file r_file_perms;
 
 # Allow shell to start up vendor shell
+# TODO(b/62041836): system processes should not run vendor executables.
+typeattribute shell system_executes_vendor_violators;
 allow shell vendor_shell_exec:file rx_file_perms;
 
 ###
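Review bot: The TODO added above `typeattribute shell system_executes_vendor_violators;` names the rule being violated but not how far the exemption reaches or when it can be removed. Judging by its name, the attribute exempts the whole shell domain from the matching neverallow (its definition is not in this hunk), while the only access granted here is `rx_file_perms` on `vendor_shell_exec`. I would extend the comment to pin that scope, e.g. `# Exemption exists only for vendor_shell_exec; add no other vendor exec rules for shell, and drop the attribute once b/62041836 is resolved.` That keeps later edits from relying on the exemption to widen what shell may execute from vendor.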
-- 
GitLab