aed0f76ee9
Give /data itself a different label to its contents, to ensure that only init creates files and directories there. This change originally landed as aosp/1106014 and was reverted in aosp/1116238 to fix b/140402208. aosp/1116298 fixes the underlying problem, and with that we can re-land this change. Bug: 139190159 Bug: 140402208 Test: aosp boots, logs look good Change-Id: I1a366c577a0fff307ca366a6844231bcf8afe3bf
8 lines
366 B
Plaintext
8 lines
366 B
Plaintext
# Creating files on sysfs is impossible so this isn't a threat
|
|
# Sometimes we have to write to non-existent files to avoid conditional
|
|
# init behavior. See b/35303861 for an example.
|
|
dontaudit vendor_init sysfs:dir write;
|
|
|
|
# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now
|
|
allow vendor_init system_data_root_file:dir rw_dir_perms;
|