Skip to content
Snippets Groups Projects
Commit 8e1b33a6 authored by Andreas Gampe's avatar Andreas Gampe Committed by android-build-merger
Browse files

Sepolicy: Ignore otapreopt_chroot setsched denial 

am: 0f81e066

Change-Id: I32529d2b8ad064f41d357f35b15c9acd31381bee
parents a392783b 0f81e066
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 0 deletions
otapreopt_chroot.te
+ 2
0
View file @ 8e1b33a6
...@@ -10,6 +10,8 @@ allow otapreopt_chroot self:capability { sys_admin sys_chroot }; ...@@ -10,6 +10,8 @@ allow otapreopt_chroot self:capability { sys_admin sys_chroot };
# This is required to mount /vendor. # This is required to mount /vendor.
allow otapreopt_chroot block_device:dir search; allow otapreopt_chroot block_device:dir search;
allow otapreopt_chroot labeledfs:filesystem mount; allow otapreopt_chroot labeledfs:filesystem mount;
# Mounting /vendor can have this side-effect. Ignore denial.
dontaudit otapreopt_chroot kernel:process setsched;
# Allow to transition to postinstall_ota, to run otapreopt in its own sandbox. # Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.
domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt) domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment