Added an auditallow rule to track vold remounting filesystems. Vold shouldn't have this selinux permission, so this will be left in for a few weeks to keep track of if removing it would be an issue to any other processes. If not, then a follow-up CL will remove both the rule and the auditallow Test: This CL is a test in itself, auditallow rules shouldn't change behavior of SELinux policy by themselves Bug: 26901147 Change-Id: Ib076448863bd54278df59a3b514c9e877eb22ee5

commit: 314d8c5801a47523f18eb703205183f8fdd0068b [log] [tgz]
author: Max <jbires@google.com> Tue Nov 29 16:23:02 2016 -0800
committer: Max <jbires@google.com> Tue Nov 29 17:11:36 2016 -0800
tree: 3bb5d603e2f165a224dcce39e2583e2023942d74
parent: 7b6dbd736024ce5ffc21c4a90ed87a64aeaa67d9 [diff]
diff --git a/public/vold.te b/public/vold.te
index 3ebb1d2..fe3ab71 100644
--- a/public/vold.te
+++ b/public/vold.te

@@ -94,6 +94,9 @@
 
 # Unmount and mount the fs.
 allow vold labeledfs:filesystem { mount unmount remount };
+# audit any attempts of vold to remount a filesystem, monitor in a few weeks
+# then remove
+auditallow vold labeledfs:filesystem { remount };
 
 # Access /efs/userdata_footer.
 # XXX Split into a separate type?
commit	314d8c5801a47523f18eb703205183f8fdd0068b	[log] [tgz]
author	Max <jbires@google.com>	Tue Nov 29 16:23:02 2016 -0800
committer	Max <jbires@google.com>	Tue Nov 29 17:11:36 2016 -0800
tree	3bb5d603e2f165a224dcce39e2583e2023942d74
parent	7b6dbd736024ce5ffc21c4a90ed87a64aeaa67d9 [diff]