Added an auditallow rule to track vold remounting filesystems.

Vold shouldn't have this selinux permission, so this will be left in for a few weeks to keep track of if removing it would be an issue to any other processes. If not, then a follow-up CL will remove both the rule and the auditallow Test: This CL is a test in itself, auditallow rules shouldn't change behavior of SELinux policy by themselves Bug: 26901147 Change-Id: Ib076448863bd54278df59a3b514c9e877eb22ee5

Added an auditallow rule to track vold remounting filesystems.
314d8c58 · Max · 7b6dbd73 · 314d8c58
Commit 314d8c58 authored 8 years ago by Max
--- a/public/vold.te
+++ b/public/vold.te
@@ -94,6 +94,9 @@ allow vold ion_device:chr_file r_file_perms;

 # Unmount and mount the fs.
 allow vold labeledfs:filesystem { mount unmount remount };
+# audit any attempts of vold to remount a filesystem, monitor in a few weeks
+# then remove
+auditallow vold labeledfs:filesystem { remount };

 # Access /efs/userdata_footer.
 # XXX Split into a separate type?