From be31a68e9273c119b7db7988936843334ce255da Mon Sep 17 00:00:00 2001
From: Joel Galenson <jgalenson@google.com>
Date: Mon, 14 May 2018 13:08:46 -0700
Subject: [PATCH] Allow vendor_init to getattr vold_metadata_file.

This relaxes the neverallow rule blocking vendor_init from doing
anything to vold_metadata_file.  The rules above it still prevent it
from doing anything other than relabelto and getattr.

Bug: 79681561
Test: Boot device and see no denials.
Change-Id: I1beb25bb9f8d69323c9fee53a140c2a084b12124
(cherry picked from commit 597be44e9628eea56724e0ec576eebc2f0224d2a)
---
 public/vold.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/public/vold.te b/public/vold.te
index 6817482bb..fd27e35ca 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -248,6 +248,7 @@ neverallow {
     domain
     -init
     -kernel
+    -vendor_init
     -vold
     -vold_prepare_subdirs
 } { vold_data_file vold_metadata_file }:notdevfile_class_set *;
-- 
GitLab