Remove init's write access to /data/user and /data/media As a follow-up to https://r.android.com/2078213, remove init's write access to directories with type system_userdir_file or media_userdir_file. This has been made possible by moving the creation of /data/user/0 and /data/media/obb to vold. Bug: 156305599 Change-Id: Ib9f43f2b111518833efe08e8cacd727c75b80266

commit: 17369bef4a216de221578575b34a10312b6b890b [log] [tgz]
author: Eric Biggers <ebiggers@google.com> Wed May 11 05:33:07 2022 +0000
committer: Eric Biggers <ebiggers@google.com> Thu May 12 00:19:29 2022 +0000
tree: 99ba9e75b940af6c23533e2a0276b1bc890ecfcb
parent: b10cffe76819906d8d158764de7f384956c20cad [diff] [blame]
diff --git a/private/system_server.te b/private/system_server.te
index 287503c..e77ba5d 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -487,7 +487,7 @@
 allow system_server keychain_data_file:lnk_file create_file_perms;
 
 # Read the user parent directories like /data/user.  Don't allow write access,
-# as vold and init are responsible for creating and deleting the subdirectories.
+# as vold is responsible for creating and deleting the subdirectories.
 allow system_server system_userdir_file:dir r_dir_perms;
 
 # Manage /data/app.
commit	17369bef4a216de221578575b34a10312b6b890b	[log] [tgz]
author	Eric Biggers <ebiggers@google.com>	Wed May 11 05:33:07 2022 +0000
committer	Eric Biggers <ebiggers@google.com>	Thu May 12 00:19:29 2022 +0000
tree	99ba9e75b940af6c23533e2a0276b1bc890ecfcb
parent	b10cffe76819906d8d158764de7f384956c20cad [diff] [blame]