diff options
| author | Nick Kralevich <nnk@google.com> | 2014-05-31 08:07:39 -0700 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2014-05-31 08:10:30 -0700 |
| commit | 4203981e8b0c741057268b6a633fe9e84b31ebd6 (patch) | |
| tree | 46dca12c2c3b04c0817163f9c8a2b31b2a676553 /recovery.te | |
| parent | 8b7545bf5745e1e0aba55b0334de40d2334728b1 (diff) | |
| download | android_external_sepolicy-4203981e8b0c741057268b6a633fe9e84b31ebd6.tar.gz android_external_sepolicy-4203981e8b0c741057268b6a633fe9e84b31ebd6.tar.bz2 android_external_sepolicy-4203981e8b0c741057268b6a633fe9e84b31ebd6.zip | |
recovery: enable permissive_or_unconfined
Switch from using unconfined_domain() to permissive_or_unconfined().
For user builds, or builds with FORCE_PERMISSIVE_TO_UNCONFINED=true,
this is a no-op. For userdebug / eng builds, this will allow us to
collect denials from /proc/last_kmsg.
Change-Id: I41e1a206b2a3b0eee34539bfebfc5deee9e18a42
Diffstat (limited to 'recovery.te')
| -rw-r--r-- | recovery.te | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/recovery.te b/recovery.te index 41038c8..3efae4e 100644 --- a/recovery.te +++ b/recovery.te @@ -8,7 +8,7 @@ type recovery, domain; # Otherwise recovery is only allowed the domain rules. recovery_only(` allow recovery rootfs:file entrypoint; - unconfined_domain(recovery) + permissive_or_unconfined(recovery) # Set security contexts on files that are not known to the loaded policy. allow recovery self:capability2 mac_admin; |