From 44ae7c2ccb5b2e31eeaa2ed091c4d9d543a8294c Mon Sep 17 00:00:00 2001
From: padarshr <padarshr@codeaurora.org>
Date: Wed, 13 Jun 2018 17:20:34 +0530
Subject: [PATCH] Add ueventd to mnt_vendor_file neverallow exemption list

Legacy hardware and code still depends on the ueventd helpers to
locate the firmware supported files which are on new mount path
labeled with mnt_vendot_file. For ueventd helper to work we need dir search
and read permission on this new label so moving ueventd to exempted list.

Already ueventd has the vendor_file_type read access.

Bug:110083808

Change-Id: Ia15cc39ecef9e29b4f1f684efdddbeb78b427988
---
 public/domain.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/domain.te b/public/domain.te
index 2f93e42f4..a3729f150 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1390,6 +1390,7 @@ userdebug_or_eng(`
 neverallow {
   coredomain
   -init
+  -ueventd
 } mnt_vendor_file:dir *;
 
 # Only apps are allowed access to vendor public libraries.
-- 
GitLab