Skip to content
Snippets Groups Projects
Commit f1eabc56 authored by Andreas Gampe's avatar Andreas Gampe
Browse files

Sepolicy: Ignore otapreopt_chroot setsched denial 

Ignore, as it's a side effect of mounting /vendor.

Bug: 31116514
Change-Id: If94a27a26181e40de5c5e60f5446de9ce2ccdba0
(cherry picked from commit 0f81e066)
parent da3c86ff
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 2 additions and 0 deletions
otapreopt_chroot.te
+ 2
0
View file @ f1eabc56
......@@ -10,6 +10,8 @@ allow otapreopt_chroot self:capability { sys_admin sys_chroot };
# This is required to mount /vendor.
allow otapreopt_chroot block_device:dir search;
allow otapreopt_chroot labeledfs:filesystem mount;
# Mounting /vendor can have this side-effect. Ignore denial.
dontaudit otapreopt_chroot kernel:process setsched;
# Allow to transition to postinstall_ota, to run otapreopt in its own sandbox.
domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment