Remove block_device:blk_file access from fsck.

Now that we have assigned specific types to userdata and cache block devices, we can remove the ability of fsck to run on other block devices. Change-Id: I8cfb3dc0e4ebe6b73346ff291ecb11397bb0c2d0 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
author: Stephen Smalley <sds@tycho.nsa.gov> 2014-09-30 11:24:34 -0400
committer: Nick Kralevich <nnk@google.com> 2014-10-21 01:56:37 +0000
commit: 3da1ffbad06bd0a9a98954fa0be229a8bd53ebec (patch)
tree: cd06d17d3a74b80fbf228d134ef7978279f2156c /fsck.te
parent: beb279c7ea23abc77641e891a76e9bceb6f38883 (diff)
download: android_external_sepolicy-3da1ffbad06bd0a9a98954fa0be229a8bd53ebec.tar.gz
android_external_sepolicy-3da1ffbad06bd0a9a98954fa0be229a8bd53ebec.tar.bz2
android_external_sepolicy-3da1ffbad06bd0a9a98954fa0be229a8bd53ebec.zip
1 files changed, 0 insertions, 4 deletions
diff --git a/fsck.te b/fsck.te
index dd696d5..b4eb698 100644
--- a/fsck.te
+++ b/fsck.te
@@ -13,10 +13,6 @@ allow fsck tmpfs:chr_file { read write ioctl };
 allow fsck devpts:chr_file { read write ioctl getattr };
 
 # Run e2fsck on block devices.
-# TODO:  Assign userdata and cache block device types to the corresponding
-# block devices in all device policies, and then remove access to
-# block_device:blk_file from here.
-allow fsck block_device:blk_file rw_file_perms;
 allow fsck userdata_block_device:blk_file rw_file_perms;
 allow fsck cache_block_device:blk_file rw_file_perms;
author	Stephen Smalley <sds@tycho.nsa.gov>	2014-09-30 11:24:34 -0400
committer	Nick Kralevich <nnk@google.com>	2014-10-21 01:56:37 +0000
commit	3da1ffbad06bd0a9a98954fa0be229a8bd53ebec (patch)
tree	cd06d17d3a74b80fbf228d134ef7978279f2156c /fsck.te
parent	beb279c7ea23abc77641e891a76e9bceb6f38883 (diff)
download	android_external_sepolicy-3da1ffbad06bd0a9a98954fa0be229a8bd53ebec.tar.gz android_external_sepolicy-3da1ffbad06bd0a9a98954fa0be229a8bd53ebec.tar.bz2 android_external_sepolicy-3da1ffbad06bd0a9a98954fa0be229a8bd53ebec.zip