Mark shell as system_executes_vendor_violators. Bug: 62041836 Test: sailfish sepolicy builds Change-Id: Iad865fea852ab134dd848688e8870bc71f99788d

commit: 30a315700343ef606c480e015171d98a6cb3dd90 [log] [tgz]
author: Tri Vo <trong@google.com> Tue Jan 16 14:48:53 2018 -0800
committer: Tri Vo <trong@google.com> Wed Jan 17 09:39:22 2018 -0800
tree: dff9d36447589b673ed46443908292554d8934f6
parent: 97753529fdcb96e2c8c691d89069710ce75c3fcb [diff]
diff --git a/public/shell.te b/public/shell.te
index 496d472..719036c 100644
--- a/public/shell.te
+++ b/public/shell.te

@@ -186,6 +186,8 @@
 allow shell sepolicy_file:file r_file_perms;
 
 # Allow shell to start up vendor shell
+# TODO(b/62041836): system processes should not run vendor executables.
+typeattribute shell system_executes_vendor_violators;
 allow shell vendor_shell_exec:file rx_file_perms;
 
 ###
commit	30a315700343ef606c480e015171d98a6cb3dd90	[log] [tgz]
author	Tri Vo <trong@google.com>	Tue Jan 16 14:48:53 2018 -0800
committer	Tri Vo <trong@google.com>	Wed Jan 17 09:39:22 2018 -0800
tree	dff9d36447589b673ed46443908292554d8934f6
parent	97753529fdcb96e2c8c691d89069710ce75c3fcb [diff]