From d00eff47fe1f0b73dce96241ac348599f7d8e41c Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 4 Jul 2014 11:45:49 -0700
Subject: [PATCH] system_server: bring back sdcard_type neverallow rule

We had disabled the neverallow rule when system_server was
in permissive_or_unconfined(), but forgot to reenable it.
Now that system_server is in enforcing/confined, bring it
back.

Change-Id: I6f74793d4889e3da783361c4d488b25f804ac8ba
---
 system_server.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/system_server.te b/system_server.te
index 1f95cb161..b13ce87cd 100644
--- a/system_server.te
+++ b/system_server.te
@@ -385,4 +385,4 @@ allow system_server keystore:keystore_key {
 
 # Do not allow accessing SDcard files as unsafe ejection could
 # cause the kernel to kill the system_server.
-# neverallow system_server sdcard_type:file rw_file_perms;
+neverallow system_server sdcard_type:file rw_file_perms;
-- 
GitLab