Merge "toolbox.te: remove unneeded FS_IOC_FS[GS]ETXATTR permission" am: 74e65cb878 am: 4cc45b3537

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2077301 Change-Id: Ida13a7a627603ffdcdc6b7f1770a92ff04e17e26 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-27 20:27:50 +00:00 · 2022-04-27 20:27:50 +00:00 · 39b18f6963
commit 39b18f6963
parent 3db102bc55 4cc45b3537
1 changed files with 2 additions and 8 deletions
--- a/public/toolbox.te
+++ b/public/toolbox.te
@ -1,5 +1,4 @@
 # Any toolbox command run by init.
-# At present, the only known usage is for running mkswap via fs_mgr.
 # Do NOT use this domain for toolbox when run by any other domain.
 type toolbox, domain;
 type toolbox_exec, system_file_type, exec_type, file_type;
@ -28,11 +27,6 @@ allow toolbox system_data_root_file:dir { remove_name write };
 allow toolbox system_data_file:dir { rmdir rw_dir_perms };
 allow toolbox system_data_file:file { getattr unlink };

-# chattr +F and chattr +P /data/media in init
+# chattr +F /data/media in init
 allow toolbox media_rw_data_file:dir { r_dir_perms setattr };
-allowxperm toolbox media_rw_data_file:dir ioctl {
-  FS_IOC_FSGETXATTR
-  FS_IOC_FSSETXATTR
-  FS_IOC_GETFLAGS
-  FS_IOC_SETFLAGS
-};
+allowxperm toolbox media_rw_data_file:dir ioctl { FS_IOC_SETFLAGS FS_IOC_GETFLAGS };