From 623d9f06832ca167c6317ac93949e9f1014ec18e Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Fri, 19 Jan 2018 13:04:57 -0800
Subject: [PATCH] Clarify sysfs_leds neverallow.

Now that init no longer uses it.

Fixes: 70846424
Test: no neverallows tripped
Change-Id: I5c22dd272b66fd32b4758c1dce659ccd98b8a7ba
---
 private/coredomain.te | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/private/coredomain.te b/private/coredomain.te
index c8f2b1dc5..84d7a8f36 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -4,14 +4,13 @@ get_prop(coredomain, exported_pm_prop)
 full_treble_only(`
 neverallow {
     coredomain
+
+    # for chowning
     -init
-    -vendor_init
 
     # generic access to sysfs_type
     -ueventd
+    -vendor_init
     -vold
-    -priv_app
-    -storaged
-    -system_app
 } sysfs_leds:file *;
 ')
-- 
GitLab