From d9818a24618c1c501eb0105d8c6ad094632c9339 Mon Sep 17 00:00:00 2001 From: padarshr <padarshr@codeaurora.org> Date: Wed, 13 Jun 2018 17:20:34 +0530 Subject: [PATCH] Add ueventd to mnt_vendor_file neverallow exemption list Legacy hardware and code still depends on the ueventd helpers to locate the firmware supported files which are on new mount path labeled with mnt_vendot_file. For ueventd helper to work we need dir search and read permission on this new label so moving ueventd to exempted list. Already ueventd has the vendor_file_type read access. Bug:110083808 Bug:111906767 Change-Id: Ia15cc39ecef9e29b4f1f684efdddbeb78b427988 Merged-In: Ia15cc39ecef9e29b4f1f684efdddbeb78b427988 (cherry picked from commit 44ae7c2ccb5b2e31eeaa2ed091c4d9d543a8294c) --- prebuilts/api/28.0/public/domain.te | 1 + public/domain.te | 1 + 2 files changed, 2 insertions(+) diff --git a/prebuilts/api/28.0/public/domain.te b/prebuilts/api/28.0/public/domain.te index e9337b654..b94a9d8bd 100644 --- a/prebuilts/api/28.0/public/domain.te +++ b/prebuilts/api/28.0/public/domain.te @@ -1396,4 +1396,5 @@ userdebug_or_eng(` neverallow { coredomain -init + -ueventd } mnt_vendor_file:dir *; diff --git a/public/domain.te b/public/domain.te index e9337b654..b94a9d8bd 100644 --- a/public/domain.te +++ b/public/domain.te @@ -1396,4 +1396,5 @@ userdebug_or_eng(` neverallow { coredomain -init + -ueventd } mnt_vendor_file:dir *; -- GitLab