domain: Restore original neverallow rules for shipping builds

MR1 CTS validates the integrity of neverallow rules, so we can't change them Fixes android.cts.security.SELinuxNeverallowRulesTest#testNeverallowRules82 Change-Id: If8d3e26355a0774edee60ac9293a58eb48dc1b48
author: Ricardo Cerqueira <ricardo@cyngn.com> 2015-06-16 02:17:56 +0100
committer: Ricardo Cerqueira <ricardo@cyngn.com> 2015-06-16 02:17:56 +0100
commit: 1d7bc1d6cd9a88943acdc202150a1984d67a82be (patch)
tree: ab21f45cddac2c8e345898569ff941c2a860f1ab /vold.te
parent: d2a9e973cd087b936df9ac2592f1e01468bbbec4 (diff)
download: android_external_sepolicy-1d7bc1d6cd9a88943acdc202150a1984d67a82be.tar.gz
android_external_sepolicy-1d7bc1d6cd9a88943acdc202150a1984d67a82be.tar.bz2
android_external_sepolicy-1d7bc1d6cd9a88943acdc202150a1984d67a82be.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/vold.te b/vold.te
index ca163e4..edcacfa 100644
--- a/vold.te
+++ b/vold.te
@@ -13,7 +13,9 @@ allow vold devpts:chr_file rw_file_perms;
 allow vold rootfs:dir mounton;
 allow vold sdcard_type:dir mounton;
 allow vold sdcard_type:filesystem { mount remount unmount };
-allow vold sdcard_posix:filesystem { relabelto relabelfrom };
+ifelse(shipping_build, `true', ,
+  allow vold sdcard_posix:filesystem { relabelto relabelfrom };
+)
 allow vold labeledfs:filesystem { relabelfrom };
 allow vold sdcard_type:dir create_dir_perms;
 allow vold sdcard_type:file create_file_perms;
author	Ricardo Cerqueira <ricardo@cyngn.com>	2015-06-16 02:17:56 +0100
committer	Ricardo Cerqueira <ricardo@cyngn.com>	2015-06-16 02:17:56 +0100
commit	1d7bc1d6cd9a88943acdc202150a1984d67a82be (patch)
tree	ab21f45cddac2c8e345898569ff941c2a860f1ab /vold.te
parent	d2a9e973cd087b936df9ac2592f1e01468bbbec4 (diff)
download	android_external_sepolicy-1d7bc1d6cd9a88943acdc202150a1984d67a82be.tar.gz android_external_sepolicy-1d7bc1d6cd9a88943acdc202150a1984d67a82be.tar.bz2 android_external_sepolicy-1d7bc1d6cd9a88943acdc202150a1984d67a82be.zip