Skip to content
Snippets Groups Projects
Commit 07e73489 authored by Nick Kralevich's avatar Nick Kralevich
Browse files

init: drop read_policy permission 

As of https://android-review.googlesource.com/127858 ,
open(O_RDONLY) is no longer used for chmod. It's no
longer necessary to allow init to read the SELinux policy.

Change-Id: I691dd220827a01a8d7a9955b62f8aca50eb25447
parent ed532c06
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 0 additions and 3 deletions
init.te
+ 0
3
View file @ 07e73489
......@@ -115,9 +115,6 @@ allow init kernel:security load_policy;
allow init kernel:system syslog_mod;
allow init self:capability2 syslog;
# Triggered by chmod 0444 /sys/fs/selinux/policy.
allow init kernel:security read_policy;
# Set usermodehelpers and /proc security settings.
allow init usermodehelper:file rw_file_perms;
allow init proc_security:file rw_file_perms;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment