Added an auditallow rule to track vold remounting filesystems.
Vold shouldn't have this selinux permission, so this will be left in for a few weeks to keep track of if removing it would be an issue to any other processes. If not, then a follow-up CL will remove both the rule and the auditallow Test: This CL is a test in itself, auditallow rules shouldn't change behavior of SELinux policy by themselves Bug: 26901147 Change-Id: Ib076448863bd54278df59a3b514c9e877eb22ee5
This commit is contained in:
Max
parent
7b6dbd7360
commit
314d8c5801
1 changed files with 3 additions and 0 deletions
|
|
@ -94,6 +94,9 @@ allow vold ion_device:chr_file r_file_perms;
|
|||
|
||||
# Unmount and mount the fs.
|
||||
allow vold labeledfs:filesystem { mount unmount remount };
|
||||
# audit any attempts of vold to remount a filesystem, monitor in a few weeks
|
||||
# then remove
|
||||
auditallow vold labeledfs:filesystem { remount };
|
||||
|
||||
# Access /efs/userdata_footer.
|
||||
# XXX Split into a separate type?
|
||||
|
|
|
|||
Loading…
Reference in a new issue