Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 74e65cb8784de2fba55241704c918522e0a0fc07^1..74e65cb8784de2fba55241704c918522e0a0fc07 / .
commit74e65cb8784de2fba55241704c918522e0a0fc07[log] [tgz]
authorEric Biggers <ebiggers@google.com>Wed Apr 27 19:24:57 2022 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Wed Apr 27 19:24:57 2022 +0000
tree143db112d91743544344810ad0f416dabdb2d6a9
parentbb270f64c9685aa9521b94d9a704aacdc8c2f703 [diff]
parent52238a1e0c4901535df6ebcd0d38302666d06014 [diff]
Merge "toolbox.te: remove unneeded FS_IOC_FS[GS]ETXATTR permission"
diff --git a/public/toolbox.te b/public/toolbox.te
index 4c2cc3e..93adbc4 100644
--- a/public/toolbox.te
+++ b/public/toolbox.te

@@ -1,5 +1,4 @@
 # Any toolbox command run by init.
-# At present, the only known usage is for running mkswap via fs_mgr.
 # Do NOT use this domain for toolbox when run by any other domain.
 type toolbox, domain;
 type toolbox_exec, system_file_type, exec_type, file_type;
@@ -28,11 +27,6 @@
 allow toolbox system_data_file:dir { rmdir rw_dir_perms };
 allow toolbox system_data_file:file { getattr unlink };
 
-# chattr +F and chattr +P /data/media in init
+# chattr +F /data/media in init
 allow toolbox media_rw_data_file:dir { r_dir_perms setattr };
-allowxperm toolbox media_rw_data_file:dir ioctl {
-  FS_IOC_FSGETXATTR
-  FS_IOC_FSSETXATTR
-  FS_IOC_GETFLAGS
-  FS_IOC_SETFLAGS
-};
+allowxperm toolbox media_rw_data_file:dir ioctl { FS_IOC_SETFLAGS FS_IOC_GETFLAGS };