From 16c889c51f0667c7d063f959922b5c98bcebfd7a Mon Sep 17 00:00:00 2001
From: Max <jbires@google.com>
Date: Tue, 13 Dec 2016 15:37:33 -0800
Subject: [PATCH] Removing file system remount permission from vold

There is no reason for vold to have this permission, and a proper
auditallow rule has been used and monitored to ensure that nothing on
android uses this permission.

Bug: 26901147

Test: Phone boots
Change-Id: Id36ed2722348f433fe3d046a3429066338230fec
---
 public/vold.te | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/public/vold.te b/public/vold.te
index fe3ab7199..6baba08da 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -93,10 +93,7 @@ allow vold ion_device:chr_file r_file_perms;
 #
 
 # Unmount and mount the fs.
-allow vold labeledfs:filesystem { mount unmount remount };
-# audit any attempts of vold to remount a filesystem, monitor in a few weeks
-# then remove
-auditallow vold labeledfs:filesystem { remount };
+allow vold labeledfs:filesystem { mount unmount };
 
 # Access /efs/userdata_footer.
 # XXX Split into a separate type?
-- 
GitLab