Add ueventd to mnt_vendor_file neverallow exemption list
Legacy hardware and code still depends on the ueventd helpers to
locate the firmware supported files which are on new mount path
labeled with mnt_vendot_file. For ueventd helper to work we need dir search
and read permission on this new label so moving ueventd to exempted list.
Already ueventd has the vendor_file_type read access.
Bug:110083808
Change-Id: Ia15cc39ecef9e29b4f1f684efdddbeb78b427988
diff --git a/public/domain.te b/public/domain.te
index 2f93e42..a3729f1 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1390,6 +1390,7 @@
neverallow {
coredomain
-init
+ -ueventd
} mnt_vendor_file:dir *;
# Only apps are allowed access to vendor public libraries.