Allow shell to read default fstab CTS module CtsFsMgrTestCases (gtest) needs to read fstab. Fixes: 184850580 Test: CtsFsMgrTestCases on user build Change-Id: I0f04bb021d8732a1c5f987ba2984da2c98f40653

commit: 694ab7920756ac5f8ef29b64fe0aacbf208663b3 [log] [tgz]
author: Yi-Yo Chiang <yochiang@google.com> Fri Apr 09 13:39:20 2021 +0800
committer: Yo Chiang <yochiang@google.com> Mon Apr 12 04:46:06 2021 +0000
tree: beb6896052a5fca029e6783bd7812a714cb63f2d
parent: df4b04571b976df0538846f6236bed5ce387cd91 [diff] [blame]
diff --git a/private/gsid.te b/private/gsid.te
index e6a395a..8a13cb1 100644
--- a/private/gsid.te
+++ b/private/gsid.te

@@ -183,7 +183,10 @@
 } gsi_public_metadata_file:file_class_set ~{ r_file_perms };
 
 # Prevent apps from accessing gsi_metadata_file_type.
-neverallow appdomain gsi_metadata_file_type:dir_file_class_set *;
+neverallow {
+    appdomain
+    -shell
+} gsi_metadata_file_type:dir_file_class_set *;
 
 neverallow {
     domain
commit	694ab7920756ac5f8ef29b64fe0aacbf208663b3	[log] [tgz]
author	Yi-Yo Chiang <yochiang@google.com>	Fri Apr 09 13:39:20 2021 +0800
committer	Yo Chiang <yochiang@google.com>	Mon Apr 12 04:46:06 2021 +0000
tree	beb6896052a5fca029e6783bd7812a714cb63f2d
parent	df4b04571b976df0538846f6236bed5ce387cd91 [diff] [blame]