diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2015-02-24 18:07:15 -0500 |
|---|---|---|
| committer | Stephen Smalley <sds@tycho.nsa.gov> | 2015-02-24 18:11:51 -0500 |
| commit | f5e7162f1dc5f0b29fe16c55aab803c208dfa15a (patch) | |
| tree | 4c871311943ab2907c056e9d1ae3a672fc53cd14 /install_recovery.te | |
| parent | c6a0feb44d3f9bb1f30671dad298040c594a2fe6 (diff) | |
| download | android_external_sepolicy-f5e7162f1dc5f0b29fe16c55aab803c208dfa15a.tar.gz android_external_sepolicy-f5e7162f1dc5f0b29fe16c55aab803c208dfa15a.tar.bz2 android_external_sepolicy-f5e7162f1dc5f0b29fe16c55aab803c208dfa15a.zip | |
sepolicy: remove block_device access from install_recovery
The recovery partition has been assigned a recovery_block_device
type for the AOSP devices, so install_recovery should not need
rw access to the generic block_device type. Remove it.
Change-Id: I31621a8157998102859a6e9eb76d405caf6d5f0d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'install_recovery.te')
| -rw-r--r-- | install_recovery.te | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/install_recovery.te b/install_recovery.te index 5232685..9155a2d 100644 --- a/install_recovery.te +++ b/install_recovery.te @@ -14,11 +14,7 @@ allow install_recovery shell_exec:file rx_file_perms; allow install_recovery system_file:file rx_file_perms; # Update the recovery block device -# TODO: Limit this to only recovery block device when we -# create an appropriate label for it. allow install_recovery block_device:dir search; -allow install_recovery block_device:blk_file rw_file_perms; -auditallow install_recovery block_device:blk_file rw_file_perms; allow install_recovery recovery_block_device:blk_file rw_file_perms; # Create and delete /cache/saved.file |