diff options
Diffstat (limited to 'toolbox.te')
| -rw-r--r-- | toolbox.te | 26 |
1 files changed, 0 insertions, 26 deletions
diff --git a/toolbox.te b/toolbox.te deleted file mode 100644 index 55de7eb..0000000 --- a/toolbox.te +++ /dev/null @@ -1,26 +0,0 @@ -# Any toolbox command run by init. -# At present, the only known usage is for running mkswap via fs_mgr. -# Do NOT use this domain for toolbox when run by any other domain. -type toolbox, domain, domain_deprecated; -type toolbox_exec, exec_type, file_type; - -init_daemon_domain(toolbox) - -# /dev/__null__ created by init prior to policy load, -# open fd inherited by fsck. -allow toolbox tmpfs:chr_file { read write ioctl }; - -# Inherit and use pty created by android_fork_execvp_ext(). -allow toolbox devpts:chr_file { read write getattr ioctl }; - -# mkswap-specific. -# Read/write block devices used for swap partitions. -# Assign swap_block_device type any such partition in your -# device/<vendor>/<product>/sepolicy/file_contexts file. -allow toolbox block_device:dir search; -allow toolbox swap_block_device:blk_file rw_file_perms; - -# Only allow entry from init via the toolbox binary. -neverallow { domain -init } toolbox:process transition; -neverallow * toolbox:process dyntransition; -neverallow toolbox { file_type fs_type -toolbox_exec}:file entrypoint; |