compos_verify_key no longer creates a vsock
Instead it gets it from virtualization_service, so this TODO is now done. Test: Manually run comps_verify_key Test: Trigger odsign to run compos_verify_key at boot Bug: 186126194 Change-Id: I705e7fd43b853a19c928ab76209ec321f10ec2d7
This commit is contained in:
parent
c5e8db55f9
commit
6c00021051
@ -15,9 +15,6 @@ allow compos_verify_key apex_compos_data_file:file create_file_perms;
|
||||
allow compos_verify_key odsign:fd use;
|
||||
allow compos_verify_key odsign_devpts:chr_file { read write };
|
||||
|
||||
# TODO: Remove this!
|
||||
allow compos_verify_key self:vsock_socket create_socket_perms_no_ioctl;
|
||||
|
||||
# Only odsign can enter the domain via exec
|
||||
neverallow { domain -odsign } compos_verify_key:process transition;
|
||||
neverallow * compos_verify_key:process dyntransition;
|
||||
|
Loading…
Reference in New Issue
Block a user