Skip to content
Snippets Groups Projects
Commit 69dc2641 authored by Paul Crowley's avatar Paul Crowley Committed by Gerrit Code Review
Browse files

Merge "Abolish calls to shell in vold"

parents b3b8e5f5 f9f75394
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
private/vold.te
+ 2
2
View file @ 69dc2641
...@@ -8,8 +8,8 @@ domain_auto_trans(vold, sdcardd_exec, sdcardd); ...@@ -8,8 +8,8 @@ domain_auto_trans(vold, sdcardd_exec, sdcardd);
# For a handful of probing tools, we choose an even more restrictive # For a handful of probing tools, we choose an even more restrictive
# domain when working with untrusted block devices # domain when working with untrusted block devices
domain_trans(vold, shell_exec, blkid); domain_trans(vold, blkid_exec, blkid);
domain_trans(vold, shell_exec, blkid_untrusted); domain_trans(vold, blkid_exec, blkid_untrusted);
domain_trans(vold, fsck_exec, fsck); domain_trans(vold, fsck_exec, fsck);
domain_trans(vold, fsck_exec, fsck_untrusted); domain_trans(vold, fsck_exec, fsck_untrusted);
......
public/vold.te
+ 0
3
View file @ 69dc2641
...@@ -31,9 +31,6 @@ allow vold file_contexts_file:file r_file_perms; ...@@ -31,9 +31,6 @@ allow vold file_contexts_file:file r_file_perms;
# Allow us to jump into execution domains of above tools # Allow us to jump into execution domains of above tools
allow vold self:process setexec; allow vold self:process setexec;
# For sgdisk launched through popen()
allow vold shell_exec:file rx_file_perms;
# For formatting adoptable storage devices # For formatting adoptable storage devices
allow vold e2fs_exec:file rx_file_perms; allow vold e2fs_exec:file rx_file_perms;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment