remount: Allow 'shell' to run 'remount_exec' domain The domain of 'remount' used to be 'system_file', which is read-executable by 'shell'. However when I submitted aosp/1878144, the domain of 'remount' became 'remount_exec', and I forgot to allow 'shell' to read-execute the new 'remount_exec' domain. This makes `adb remount` w/o root to produce sub-par error message: $ adb remount [-h] /system/bin/sh: remount: inaccessible or not found Allow 'shell' to read-execute 'remount_exec', so that the user can get a proper error message when not running as root, and help (-h) message can be displayed: $ adb remount Not running as root. Try "adb root" first. $ adb remount -h Usage: remount ... Bug: 241688845 Test: adb unroot && adb remount [-h] Change-Id: I5c105eaffa7abddaf14a9d0120fd6b71749c7977

commit: 686d77913d2d04fe74cb7659e61abb66dbd37c5a [log] [tgz]
author: Yi-Yo Chiang <yochiang@google.com> Tue Nov 01 15:08:09 2022 +0800
committer: Yi-Yo Chiang <yochiang@google.com> Tue Nov 01 15:39:49 2022 +0800
tree: 45f742c9f9ffb9f63cf1a9b994f99747810b4496
parent: c347dc28fa7caeb1e70dcf40b057dcb3299161f5 [diff]
diff --git a/private/shell.te b/private/shell.te
index c20e612..6a7c629 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -121,6 +121,9 @@
   allow shell profcollectd:binder call;
 ')
 
+# Allow shell to run remount command.
+allow shell remount_exec:file rx_file_perms;
+
 # Allow shell to call perf_event_open for profiling other shell processes, but
 # not the whole system.
 allow shell self:perf_event { open read write kernel };
commit	686d77913d2d04fe74cb7659e61abb66dbd37c5a	[log] [tgz]
author	Yi-Yo Chiang <yochiang@google.com>	Tue Nov 01 15:08:09 2022 +0800
committer	Yi-Yo Chiang <yochiang@google.com>	Tue Nov 01 15:39:49 2022 +0800
tree	45f742c9f9ffb9f63cf1a9b994f99747810b4496
parent	c347dc28fa7caeb1e70dcf40b057dcb3299161f5 [diff]