aboutsummaryrefslogtreecommitdiffstats
path: root/domain.te
diff options
context:
space:
mode:
authorElliott Hughes <enh@google.com>2015-04-24 21:09:36 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2015-04-24 21:09:36 +0000
commit9b8505b1e77ddeca1cde547162c2910c29c2ecec (patch)
tree191a623a4e78d77142fec282b371df4c67e6083d /domain.te
parentbc5cd57b41d3ff036c271bc258a53152cfc49f2d (diff)
parenta331c593d1ed9ad5da8e68626a59b3a33a225531 (diff)
downloadandroid_external_sepolicy-9b8505b1e77ddeca1cde547162c2910c29c2ecec.tar.gz
android_external_sepolicy-9b8505b1e77ddeca1cde547162c2910c29c2ecec.tar.bz2
android_external_sepolicy-9b8505b1e77ddeca1cde547162c2910c29c2ecec.zip
am a331c593: am 5aac86dc: Revert "Revert "SELinux policy changes for re-execing init.""
* commit 'a331c593d1ed9ad5da8e68626a59b3a33a225531': Revert "Revert "SELinux policy changes for re-execing init.""
Diffstat (limited to 'domain.te')
-rw-r--r--domain.te3
1 files changed, 2 insertions, 1 deletions
diff --git a/domain.te b/domain.te
index b2b6d2c..d033d4e 100644
--- a/domain.te
+++ b/domain.te
@@ -299,7 +299,8 @@ neverallow { domain -init } property_data_file:file no_w_file_perms;
# Only recovery should be doing writes to /system
neverallow { domain -recovery } { system_file exec_type }:dir_file_class_set
- { create write setattr relabelfrom relabelto append unlink link rename };
+ { create write setattr relabelfrom append unlink link rename };
+neverallow { domain -recovery -kernel } { system_file exec_type }:dir_file_class_set relabelto;
# Don't allow mounting on top of /system files or directories
neverallow domain { system_file exec_type }:dir_file_class_set mounton;
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-18 11:44:29 +0000