Move allow rule out of the neverallow section am: abbd8aeefd am: 94a092c7d0

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2611889

Change-Id: I1d13a4bafac0673e3081a525edc4ac7c2781af48
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Brian Lindahl 2023-06-02 02:10:31 +00:00 committed by Automerger Merge Worker
commit 9933bee328


@ -334,6 +334,10 @@ with_asan(`allow domain system_asan_options_file:file r_file_perms;')
allow domain apex_mnt_dir:dir { getattr search };
allow domain apex_mnt_dir:lnk_file r_file_perms;
# Allow everyone to read media server-configurable flags, so that libstagefright can be
# configured using server-configurable flags
get_prop(domain, device_config_media_native_prop)
###
### neverallow rules
###
@ -1286,7 +1290,3 @@ neverallow { domain -traced_probes -init -vendor_init } debugfs_tracing_printk_f
# Linux lockdown "integrity" level is enforced for user builds.
neverallow { domain userdebug_or_eng(`-domain') } self:lockdown integrity;
# Allow everyone to read media server-configurable flags, so that libstagefright can be
# configured using server-configurable flags
get_prop(domain, device_config_media_native_prop)
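Review bot: The `get_prop(domain, device_config_media_native_prop)` line now placed before the `### neverallow rules` banner in the first hunk gives read access to every type carrying the `domain` attribute, and its comment records only the libstagefright motivation, not the consequence for what may be stored there. I would extend the comment with something like `# Readable by every domain: flags stored here must not carry sensitive values.` so later additions to this property namespace are reviewed with that in mind. Who may set the property is not visible in either hunk, so that side should be confirmed separately. The second hunk is the matching removal and needs no change.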