diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2014-09-30 11:24:34 -0400 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-10-21 01:56:37 +0000 |
commit | 3da1ffbad06bd0a9a98954fa0be229a8bd53ebec (patch) | |
tree | cd06d17d3a74b80fbf228d134ef7978279f2156c /fsck.te | |
parent | beb279c7ea23abc77641e891a76e9bceb6f38883 (diff) | |
download | android_external_sepolicy-3da1ffbad06bd0a9a98954fa0be229a8bd53ebec.tar.gz android_external_sepolicy-3da1ffbad06bd0a9a98954fa0be229a8bd53ebec.tar.bz2 android_external_sepolicy-3da1ffbad06bd0a9a98954fa0be229a8bd53ebec.zip |
Remove block_device:blk_file access from fsck.
Now that we have assigned specific types to userdata and cache
block devices, we can remove the ability of fsck to run on other
block devices.
Change-Id: I8cfb3dc0e4ebe6b73346ff291ecb11397bb0c2d0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'fsck.te')
-rw-r--r-- | fsck.te | 4 |
1 files changed, 0 insertions, 4 deletions
@@ -13,10 +13,6 @@ allow fsck tmpfs:chr_file { read write ioctl }; allow fsck devpts:chr_file { read write ioctl getattr }; # Run e2fsck on block devices. -# TODO: Assign userdata and cache block device types to the corresponding -# block devices in all device policies, and then remove access to -# block_device:blk_file from here. -allow fsck block_device:blk_file rw_file_perms; allow fsck userdata_block_device:blk_file rw_file_perms; allow fsck cache_block_device:blk_file rw_file_perms; |