Separate fsck domains to protect userdata.

Create new vold_fsck domain that only has access to vold_block devices to prevent any access to internal userdata. Change-Id: I25ddcd16cbf83d7a25b70bc64d95f5345d0d5731
author: Jeff Sharkey <jsharkey@android.com> 2015-03-31 08:04:46 -0700
committer: Jeff Sharkey <jsharkey@android.com> 2015-03-31 08:13:20 -0700
commit: 5a5b364c54bbeb2ac032dac18e378370bd35fb45 (patch)
tree: c79784cfec8ad50119d571de7e09faa3d0561ea4 /vold.te
parent: 5895ffe1f72ea660652ff3d4b3e84dde598fce22 (diff)
download: android_external_sepolicy-5a5b364c54bbeb2ac032dac18e378370bd35fb45.tar.gz
android_external_sepolicy-5a5b364c54bbeb2ac032dac18e378370bd35fb45.tar.bz2
android_external_sepolicy-5a5b364c54bbeb2ac032dac18e378370bd35fb45.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/vold.te b/vold.te
index cde7c77..0a42b2d 100644
--- a/vold.te
+++ b/vold.te
@@ -8,7 +8,7 @@ init_daemon_domain(vold)
 domain_auto_trans(vold, sgdisk_exec, sgdisk);
 domain_auto_trans(vold, blkid_exec, blkid);
 domain_auto_trans(vold, sdcardd_exec, sdcardd);
-domain_auto_trans(vold, fsck_exec, fsck);
+domain_auto_trans(vold, fsck_exec, vold_fsck);
 
 typeattribute vold mlstrustedsubject;
 allow vold self:process setfscreate;
author	Jeff Sharkey <jsharkey@android.com>	2015-03-31 08:04:46 -0700
committer	Jeff Sharkey <jsharkey@android.com>	2015-03-31 08:13:20 -0700
commit	5a5b364c54bbeb2ac032dac18e378370bd35fb45 (patch)
tree	c79784cfec8ad50119d571de7e09faa3d0561ea4 /vold.te
parent	5895ffe1f72ea660652ff3d4b3e84dde598fce22 (diff)
download	android_external_sepolicy-5a5b364c54bbeb2ac032dac18e378370bd35fb45.tar.gz android_external_sepolicy-5a5b364c54bbeb2ac032dac18e378370bd35fb45.tar.bz2 android_external_sepolicy-5a5b364c54bbeb2ac032dac18e378370bd35fb45.zip