PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Resolve neverallow in retrofit devices

Browse Source 
Commit Ia78d4b0ea942a139c8a4070dc63a0eed218e3e18 added the following
rule for debuggable builds:
    allow remount super_block_device_type:blk_file rw_file_perms;

That causes a neverallow on retrofit devices that define this:
    typeattribute system_block_device super_block_device_type;

Test: m; observe no neverallow in userdebug build
Change-Id: I7cfe160542b2e9b290bc1d6470c6286b5ca21e1f
This commit is contained in:
Michael Bestas 2024-06-14 04:33:58 +03:00 committed by Michael Bestas
parent 9185e3731c
commit 237bbeaf2a
No known key found for this signature in database
GPG Key ID: CC95044519BE6669
3 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
private/remount.te
View File

@ -1,4 +1,3 @@
type remount, domain, coredomain;
type remount_exec, system_file_type, exec_type, file_type;
userdebug_or_eng(`

1
public/domain.te
View File

@ -618,6 +618,7 @@ neverallow {
userdebug_or_eng(`-fsck')
userdebug_or_eng(`-init')
-recovery
userdebug_or_eng(`-remount')
-update_engine
} system_block_device:blk_file { write append };

1
public/remount.te Normal file
View File

@ -0,0 +1 @@
type remount, domain, coredomain;