Removing file system remount permission from vold There is no reason for vold to have this permission, and a proper auditallow rule has been used and monitored to ensure that nothing on android uses this permission. Bug: 26901147 Test: Phone boots Change-Id: Id36ed2722348f433fe3d046a3429066338230fec

commit: 16c889c51f0667c7d063f959922b5c98bcebfd7a [log] [tgz]
author: Max <jbires@google.com> Tue Dec 13 15:37:33 2016 -0800
committer: Max <jbires@google.com> Tue Dec 13 15:37:33 2016 -0800
tree: 5312568ada7181d76cd8176ceb73a18ca834e60f
parent: a95c52e347618d5f6797e01ad460094a90800a27 [diff]
diff --git a/public/vold.te b/public/vold.te
index fe3ab71..6baba08 100644
--- a/public/vold.te
+++ b/public/vold.te

@@ -93,10 +93,7 @@
 #
 
 # Unmount and mount the fs.
-allow vold labeledfs:filesystem { mount unmount remount };
-# audit any attempts of vold to remount a filesystem, monitor in a few weeks
-# then remove
-auditallow vold labeledfs:filesystem { remount };
+allow vold labeledfs:filesystem { mount unmount };
 
 # Access /efs/userdata_footer.
 # XXX Split into a separate type?
commit	16c889c51f0667c7d063f959922b5c98bcebfd7a	[log] [tgz]
author	Max <jbires@google.com>	Tue Dec 13 15:37:33 2016 -0800
committer	Max <jbires@google.com>	Tue Dec 13 15:37:33 2016 -0800
tree	5312568ada7181d76cd8176ceb73a18ca834e60f
parent	a95c52e347618d5f6797e01ad460094a90800a27 [diff]