Merge "Enforce assumptions around metadata_block_device" am: 62f0b8ea am: 320e821e

am: c6bcdbdf Change-Id: Ic7045b9dbb99cda3edb30f47ed9ecdbf542da92e

Merge "Enforce assumptions around metadata_block_device" am: 62f0b8ea am: 320e821e
fb4f3617 · Nick Kralevich · android-build-merger · 42899fbb · c6bcdbdf · fb4f3617
Commit fb4f3617 authored 8 years ago by Nick Kralevich Committed by android-build-merger 8 years ago
--- a/public/domain.te
+++ b/public/domain.te
@@ -383,6 +383,12 @@ neverallow {
  -ueventd # Further restricted in ueventd.te
 } frp_block_device:blk_file rw_file_perms;

+# The metadata block device is set aside for device encryption and
+# verified boot metadata. It may be reset at will and should not
+# be used by other domains.
+neverallow { domain -init -recovery -vold } metadata_block_device:blk_file
+  { append link rename write open read ioctl lock };
+
 # No domain other than recovery and update_engine can write to system partition(s).
 neverallow { domain -recovery -update_engine } system_block_device:blk_file write;