am 508fe94a: am 7e86e19d: remove "allow vold block_device:blk_file create_file_perms;"

* commit '508fe94a': remove "allow vold block_device:blk_file create_file_perms;"

am 508fe94a: am 7e86e19d: remove "allow vold block_device:blk_file create_file_perms;"
a683908d · Nick Kralevich · Android Git Automerger · fee54098 · 508fe94a · a683908d
Commit a683908d authored Oct 7, 2015 by Nick Kralevich Committed by Android Git Automerger Oct 7, 2015
--- a/domain.te
+++ b/domain.te
@@ -266,7 +266,7 @@ neverallow domain init:binder *;
 # Don't allow raw read/write/open access to block_device
 # Rather force a relabel to a more specific type
-neverallow { domain -kernel -init -recovery -vold -uncrypt } block_device:blk_file { open read write };
+neverallow { domain -kernel -init -recovery -uncrypt } block_device:blk_file { open read write };
 # Don't allow raw read/write/open access to generic devices.
 # Rather force a relabel to a more specific type.

--- a/vold.te
+++ b/vold.te
@@ -28,8 +28,6 @@ allow vold system_file:file x_file_perms;
 allow vold toolbox_exec:file rx_file_perms;
 auditallow vold toolbox_exec:file rx_file_perms;
 allow vold block_device:dir create_dir_perms;
-allow vold block_device:blk_file create_file_perms;
-auditallow vold block_device:blk_file create_file_perms;
 allow vold device:dir write;
 allow vold devpts:chr_file rw_file_perms;
 allow vold rootfs:dir mounton;