From be31a68e9273c119b7db7988936843334ce255da Mon Sep 17 00:00:00 2001 From: Joel Galenson <jgalenson@google.com> Date: Mon, 14 May 2018 13:08:46 -0700 Subject: [PATCH] Allow vendor_init to getattr vold_metadata_file. This relaxes the neverallow rule blocking vendor_init from doing anything to vold_metadata_file. The rules above it still prevent it from doing anything other than relabelto and getattr. Bug: 79681561 Test: Boot device and see no denials. Change-Id: I1beb25bb9f8d69323c9fee53a140c2a084b12124 (cherry picked from commit 597be44e9628eea56724e0ec576eebc2f0224d2a) --- public/vold.te | 1 + 1 file changed, 1 insertion(+) diff --git a/public/vold.te b/public/vold.te index 6817482bb..fd27e35ca 100644 --- a/public/vold.te +++ b/public/vold.te @@ -248,6 +248,7 @@ neverallow { domain -init -kernel + -vendor_init -vold -vold_prepare_subdirs } { vold_data_file vold_metadata_file }:notdevfile_class_set *; -- GitLab