Removing file system remount permission from vold

There is no reason for vold to have this permission, and a proper
auditallow rule has been used and monitored to ensure that nothing on
android uses this permission.

Bug: 26901147

Test: Phone boots
Change-Id: Id36ed2722348f433fe3d046a3429066338230fec
This commit is contained in:
Max 2016-12-13 15:37:33 -08:00
parent a95c52e347
commit 16c889c51f

View file

@ -93,10 +93,7 @@ allow vold ion_device:chr_file r_file_perms;
# #
# Unmount and mount the fs. # Unmount and mount the fs.
allow vold labeledfs:filesystem { mount unmount remount }; allow vold labeledfs:filesystem { mount unmount };
# audit any attempts of vold to remount a filesystem, monitor in a few weeks
# then remove
auditallow vold labeledfs:filesystem { remount };
# Access /efs/userdata_footer. # Access /efs/userdata_footer.
# XXX Split into a separate type? # XXX Split into a separate type?