diff options
| author | Bart Van Assche <bvanassche@google.com> | 2021-10-12 09:17:14 -0700 |
|---|---|---|
| committer | Bart Van Assche <bvanassche@google.com> | 2021-10-12 09:20:03 -0700 |
| commit | f20fea50f12100896915184b22bb93033da8564f (patch) | |
| tree | a6ea003bbb58474445bab5ad92710ee203edacdf | |
| parent | aedd65ac207c8ec310b1f0a7f34bcc74370cf1d6 (diff) | |
| download | platform_system_sepolicy-f20fea50f12100896915184b22bb93033da8564f.tar.gz platform_system_sepolicy-f20fea50f12100896915184b22bb93033da8564f.tar.bz2 platform_system_sepolicy-f20fea50f12100896915184b22bb93033da8564f.zip | |
Stop granting init access to block device properties
Although there has been a plan to add code to the init process that
requires access to block device properties, that plan has not been
realized. Hence stop granting the init process access to block device
properties
Bug: 202520796
Test: source build/envsetup.sh && lunch aosp_x86_64 && m && launch_cvd
Change-Id: I0ed83bd533a901f85986d15f636c9b3f39fec271
Signed-off-by: Bart Van Assche <bvanassche@google.com>
| -rw-r--r-- | private/init.te | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/private/init.te b/private/init.te index 200780dfb1..4312444f87 100644 --- a/private/init.te +++ b/private/init.te @@ -42,12 +42,6 @@ allow init sysfs_dm:file read; allow init sysfs_loop:dir r_dir_perms; allow init sysfs_loop:file rw_file_perms; -# Allow init to examine the properties of block devices. -allow init sysfs_block_type:file { getattr read }; -# Allow init access /dev/block -allow init bdev_type:dir r_dir_perms; -allow init bdev_type:blk_file getattr; - # Allow init to write to the drop_caches file. allow init proc_drop_caches:file rw_file_perms; |