diff options
author | Elliott Hughes <enh@google.com> | 2015-04-24 21:09:36 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-04-24 21:09:36 +0000 |
commit | 9b8505b1e77ddeca1cde547162c2910c29c2ecec (patch) | |
tree | 191a623a4e78d77142fec282b371df4c67e6083d /domain.te | |
parent | bc5cd57b41d3ff036c271bc258a53152cfc49f2d (diff) | |
parent | a331c593d1ed9ad5da8e68626a59b3a33a225531 (diff) | |
download | android_external_sepolicy-9b8505b1e77ddeca1cde547162c2910c29c2ecec.tar.gz android_external_sepolicy-9b8505b1e77ddeca1cde547162c2910c29c2ecec.tar.bz2 android_external_sepolicy-9b8505b1e77ddeca1cde547162c2910c29c2ecec.zip |
am a331c593: am 5aac86dc: Revert "Revert "SELinux policy changes for re-execing init.""
* commit 'a331c593d1ed9ad5da8e68626a59b3a33a225531':
Revert "Revert "SELinux policy changes for re-execing init.""
Diffstat (limited to 'domain.te')
-rw-r--r-- | domain.te | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -299,7 +299,8 @@ neverallow { domain -init } property_data_file:file no_w_file_perms; # Only recovery should be doing writes to /system neverallow { domain -recovery } { system_file exec_type }:dir_file_class_set - { create write setattr relabelfrom relabelto append unlink link rename }; + { create write setattr relabelfrom append unlink link rename }; +neverallow { domain -recovery -kernel } { system_file exec_type }:dir_file_class_set relabelto; # Don't allow mounting on top of /system files or directories neverallow domain { system_file exec_type }:dir_file_class_set mounton; |