diff options
author | Nick Kralevich <nnk@google.com> | 2014-06-26 16:30:10 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-07-07 22:05:28 +0000 |
commit | c2ba5ed90876e7c3f105ed658788557c68ab72b8 (patch) | |
tree | 2480effa3cde537ef3580e359f69278c16b7a019 /recovery.te | |
parent | 3508d611cc661730bdf0e706d2f1fd1814cd8c60 (diff) | |
download | android_external_sepolicy-c2ba5ed90876e7c3f105ed658788557c68ab72b8.tar.gz android_external_sepolicy-c2ba5ed90876e7c3f105ed658788557c68ab72b8.tar.bz2 android_external_sepolicy-c2ba5ed90876e7c3f105ed658788557c68ab72b8.zip |
recovery: start enforcing SELinux rules
Start enforcing SELinux rules for recovery. I've been monitoring
denials, and I haven't seen anything which would indicate a problem.
We can always roll this back if something goes wrong.
Change-Id: I7d3a147f8b9000bf8181d2aa32520f15f291a6f3
Diffstat (limited to 'recovery.te')
-rw-r--r-- | recovery.te | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/recovery.te b/recovery.te index 282ed3e..9c59003 100644 --- a/recovery.te +++ b/recovery.te @@ -8,7 +8,6 @@ type recovery, domain; # Otherwise recovery is only allowed the domain rules. recovery_only(` allow recovery rootfs:file { entrypoint execute }; - permissive_or_unconfined(recovery) allow recovery self:capability { chown dac_override fowner fsetid setfcap setuid setgid sys_admin sys_tty_config }; |