diff options
Diffstat (limited to 'blkid.te')
| -rw-r--r-- | blkid.te | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/blkid.te b/blkid.te deleted file mode 100644 index 43bc944..0000000 --- a/blkid.te +++ /dev/null @@ -1,20 +0,0 @@ -# blkid called from vold -type blkid, domain, domain_deprecated; -type blkid_exec, exec_type, file_type; - -# Allowed read-only access to encrypted devices to extract UUID/label -allow blkid block_device:dir search; -allow blkid userdata_block_device:blk_file r_file_perms; -allow blkid dm_device:blk_file r_file_perms; - -# Allow stdin/out back to vold -allow blkid vold:fd use; -allow blkid vold:fifo_file { read write getattr }; - -# For blkid launched through popen() -allow blkid blkid_exec:file rx_file_perms; - -# Only allow entry from vold -neverallow { domain -vold } blkid:process transition; -neverallow * blkid:process dyntransition; -neverallow blkid { file_type fs_type -blkid_exec -shell_exec }:file entrypoint; |