remove init_shell
This domain was originally intended to be a place to hold rules for all init.*.rc shell scripts. However, it's now recommended that every init service have its own SELinux domain, and the use of init_shell is to be avoided. Delete init_shell. No policy is using it anymore, and it's causing confusion for people implementing device-specific SELinux policy.

Bug: 18062250
Change-Id: I7c90851784b233443642ea69722f3281fd457621
parent 0d08d4721a
commit f37d6b5713
1 changed files with 0 additions and 10 deletions
|
@ -1,10 +0,0 @@
|
|||
# Restricted domain for shell processes spawned by init.
|
||||
# Normally these are shell commands or scripts invoked via sh
|
||||
# from an init*.rc file. No service should ever run in this domain.
|
||||
type init_shell, domain;
|
||||
domain_auto_trans(init, shell_exec, init_shell)
|
||||
permissive_or_unconfined(init_shell)
|
||||
|
||||
# Run helpers from / or /system without changing domain.
|
||||
allow init_shell rootfs:file execute_no_trans;
|
||||
allow init_shell system_file:file execute_no_trans;
|
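Review bot: The removed `domain_auto_trans(init, shell_exec, init_shell)` line was the only rule in this file deciding which domain a shell started by init ends up in, and the commit message does not say what happens to such an exec once it is gone. Please state the resulting behaviour in the message (the exec stays in the init domain, or is denied, depending on rules outside this diff) so that device policy authors who still start `sh` from an init*.rc file know they must give that service its own domain. Since the diff touches a single file, it is also worth confirming before merge that no other policy source or device tree still names the `init_shell` type, because any remaining reference to a deleted type will fail policy compilation.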