tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Let vold_prepare_subdirs completely clean deleted user data.

Browse source 
am: 254a872cab

Change-Id: I5de455d60678503f72ae8ee2985c5e7fb0c09b79
This commit is contained in:
Joel Galenson 2018-04-16 16:59:39 -07:00 committed by android-build-merger
commit 397c854db6
2 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
private/vold_prepare_subdirs.te
View file

@ -12,8 +12,8 @@ allow vold_prepare_subdirs self:process setfscreate;
allow vold_prepare_subdirs {
system_data_file
vendor_data_file
}:dir { open read write add_name remove_name relabelfrom };
allow vold_prepare_subdirs system_data_file:file getattr;
}:dir { open read write add_name remove_name rmdir relabelfrom };
allow vold_prepare_subdirs system_data_file:file { getattr unlink };
allow vold_prepare_subdirs vold_data_file:dir { create open read write search getattr setattr remove_name rmdir relabelto };
allow vold_prepare_subdirs vold_data_file:file { getattr unlink };
allow vold_prepare_subdirs storaged_data_file:dir { create_dir_perms relabelto };

1
public/domain.te
View file

@ -1120,6 +1120,7 @@ neverallow {
-system_app
-init
-installd # for relabelfrom and unlink, check for this in explicit neverallow
-vold_prepare_subdirs # For unlink
with_asan(`-asan_extract')
} system_data_file:file no_w_file_perms;
# do not grant anything greater than r_file_perms and relabelfrom unlink