Skip to content
Snippets Groups Projects
Commit f98da66e authored by Ed Coyne's avatar Ed Coyne
Browse files

DO NOT MERGE: Allow sepolicies granting bootanim exec on /oem. 

This is a backport of
https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/458738/

since domain.te moved from ./domain.te to ./public/domain.te a straight
patch won't work.

(cherry picked from commit I6462bf510562eb3fb06304e50b68fba05d37b285)

Bug: 37992717
Test: Tested with Iot sepolicies in effect and bootanim can exec.
Change-Id: I387243d1d35a1240bbb64561e3a72f150c1f2a2c
parent f4c42343
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 1 addition and 0 deletions
domain.te
+ 1
0
View file @ f98da66e
......@@ -284,6 +284,7 @@ neverallow {
neverallow {
domain
-appdomain # for oemfs
-bootanim # for oemfs
-recovery # for /tmp/update_binary in tmpfs
} { fs_type -rootfs }:file execute;
# Files from cache should never be executed
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment