Merge "compos_verify_key no longer creates a vsock" am: e494c51bc9

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1827214

Change-Id: Ie1f78f588961fe6efc553e38effe34174bf3fac0
This commit is contained in:
Alan Stokes 2021-09-16 08:24:04 +00:00 committed by Automerger Merge Worker
commit 4cb59e4221

View file

@ -15,9 +15,6 @@ allow compos_verify_key apex_compos_data_file:file create_file_perms;
allow compos_verify_key odsign:fd use; allow compos_verify_key odsign:fd use;
allow compos_verify_key odsign_devpts:chr_file { read write }; allow compos_verify_key odsign_devpts:chr_file { read write };
# TODO: Remove this!
allow compos_verify_key self:vsock_socket create_socket_perms_no_ioctl;
# Only odsign can enter the domain via exec # Only odsign can enter the domain via exec
neverallow { domain -odsign } compos_verify_key:process transition; neverallow { domain -odsign } compos_verify_key:process transition;
neverallow * compos_verify_key:process dyntransition; neverallow * compos_verify_key:process dyntransition;