Merge "drop vold from sys_rawio neverallow exception" into nyc-dev

0959aa67 · TreeHugger Robot · Android (Google) Code Review · f77bc233 · a499041f · 0959aa67
Commit 0959aa67 authored 8 years ago by TreeHugger Robot Committed by Android (Google) Code Review 8 years ago
--- a/domain.te
+++ b/domain.te
@@ -166,7 +166,7 @@ neverallow {
 } self:capability mknod;

 # Limit raw I/O to these whitelisted domains.
-neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -vold -uncrypt -tee } self:capability sys_rawio;
+neverallow { domain -kernel -init -recovery -ueventd -watchdogd -healthd -uncrypt -tee } self:capability sys_rawio;

 # No process can map low memory (< CONFIG_LSM_MMAP_MIN_ADDR).
 neverallow * self:memprotect mmap_zero;