Commit 4203981e authored by Nick Kralevich

recovery: enable permissive_or_unconfined

Switch from using unconfined_domain() to permissive_or_unconfined().
For user builds, or builds with FORCE_PERMISSIVE_TO_UNCONFINED=true,
this is a no-op. For userdebug / eng builds, this will allow us to
collect denials from /proc/last_kmsg.

Change-Id: I41e1a206b2a3b0eee34539bfebfc5deee9e18a42
parent 8b7545bf
...@@ -8,7 +8,7 @@ type recovery, domain; ...@@ -8,7 +8,7 @@ type recovery, domain;
# Otherwise recovery is only allowed the domain rules. # Otherwise recovery is only allowed the domain rules.
recovery_only(` recovery_only(`
allow recovery rootfs:file entrypoint; allow recovery rootfs:file entrypoint;
unconfined_domain(recovery) permissive_or_unconfined(recovery)
# Set security contexts on files that are not known to the loaded policy. # Set security contexts on files that are not known to the loaded policy.
allow recovery self:capability2 mac_admin; allow recovery self:capability2 mac_admin;
......
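Review bot: the changed line `permissive_or_unconfined(recovery)` inside `recovery_only(...)` now has build-dependent behaviour, but nothing in the file says so; the only nearby comment is "Otherwise recovery is only allowed the domain rules". The commit message states that the macro is a no-op on user builds or with FORCE_PERMISSIVE_TO_UNCONFINED=true, and that on userdebug / eng builds it lets denials be collected from /proc/last_kmsg. Please add a short comment directly above the macro call recording those two cases, so a reader of the policy does not need the commit log or the macro definition to know which builds run recovery with the old unconfined rules and which ones are expected to produce denial logs.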