Merge "shell: remove from system_executes_vendor_violators." am: 8c8ed1f0

am: 602575ec Change-Id: I6ad1399b8adf591eea47bcd375f868ef0f313777

Merge "shell: remove from system_executes_vendor_violators." am: 8c8ed1f0
1e20b404 · Tri Vo · android-build-merger · 6453e913 · 602575ec · 1e20b404
Commit 1e20b404 authored 7 years ago by Tri Vo Committed by android-build-merger 7 years ago
--- a/public/domain.te
+++ b/public/domain.te
@@ -912,6 +912,7 @@ full_treble_only(`
    neverallow {
      coredomain
      -init
+      -shell
      -system_executes_vendor_violators
    } {
      vendor_file_type
@@ -922,6 +923,7 @@ full_treble_only(`

    neverallow {
      coredomain
+      -shell
      -system_executes_vendor_violators
    } vendor_file_type:file execute_no_trans;
 ')

--- a/public/shell.te
+++ b/public/shell.te
@@ -190,8 +190,6 @@ allow shell service_contexts_file:file r_file_perms;
 allow shell sepolicy_file:file r_file_perms;

 # Allow shell to start up vendor shell
-# TODO(b/62041836): system processes should not run vendor executables.
-typeattribute shell system_executes_vendor_violators;
 allow shell vendor_shell_exec:file rx_file_perms;

 ###