From c510576e6518b5b1bcfcb64f7a8e879ea313fe84 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Mon, 27 Jun 2016 13:49:28 -0700
Subject: [PATCH] Only zygote and runas my transistion to app domains

Remove exemption for init.

Bug: 29761117
Change-Id: I754ca647e3834010702c7dcd7fd10c1f6c61c594
---
 domain.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index bd1681e78..332db9401 100644
--- a/domain.te
+++ b/domain.te
@@ -484,7 +484,7 @@ neverallow {
 } shell:process { transition dyntransition };
 
 # Only domains spawned from zygote and runas may have the appdomain attribute.
-neverallow { domain -runas -zygote -init } {
+neverallow { domain -runas -zygote } {
   appdomain -shell userdebug_or_eng(`-su')
 }:process { transition dyntransition };
 
-- 
GitLab