Merge "Remove init's write access to /data/user and /data/media"
diff --git a/private/system_server.te b/private/system_server.te
index 287503c..e77ba5d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -487,7 +487,7 @@
 allow system_server keychain_data_file:lnk_file create_file_perms;
 
 # Read the user parent directories like /data/user.  Don't allow write access,
-# as vold and init are responsible for creating and deleting the subdirectories.
+# as vold is responsible for creating and deleting the subdirectories.
 allow system_server system_userdir_file:dir r_dir_perms;
 
 # Manage /data/app.
diff --git a/private/vold.te b/private/vold.te
index 22553ea..40c1a57 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -82,27 +82,13 @@
 # /data/user/$userId.  This is very important, as these directories need to be
 # encrypted with per-user keys, which only vold can do.  Encryption can only be
 # set up on empty directories, so creation and encryption must happen together.
-#
-# Exception: init creates /data/user/0 and /data/media/obb, so that needs to be
-# allowed for now.  (/data/media/obb isn't actually a per-user directory, but
-# it's located in /data/media so it constrains the sepolicy for that directory.)
 neverallow {
     domain
     -vold
 } {
-    vendor_userdir_file
-}:dir {
-    add_name
-    remove_name
-    write
-};
-neverallow {
-    domain
-    -vold
-    -init
-} {
-    system_userdir_file
     media_userdir_file
+    system_userdir_file
+    vendor_userdir_file
 }:dir {
     add_name
     remove_name
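Review bot: The header comment above this neverallow no longer mentions /data/media/obb, yet `media_userdir_file` remains in the target set, so the rule still decides who may create that non-per-user directory. With the init exception gone, I would keep one line recording this, e.g. `# /data/media/obb is not per-user, but creating it needs add_name on /data/media, so it is subject to this rule too.` The neverallow block closes outside the hunk, so the permission list is only partly visible here.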
diff --git a/public/init.te b/public/init.te
index d7b89f1..8a07817 100644
--- a/public/init.te
+++ b/public/init.te
@@ -212,10 +212,11 @@
 allow init {
   file_type
   -app_data_file
+  -credstore_data_file
   -exec_type
   -iorapd_data_file
-  -credstore_data_file
   -keystore_data_file
+  -media_userdir_file
   -misc_logd_file
   -nativetest_data_file
   -privapp_data_file
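Review bot: Excluding `media_userdir_file` here, and `system_userdir_file` in the next hunk, only holds at runtime if nothing run by init still creates entries under /data/user or /data/media; the comment removed from private/vold.te says init used to create /data/user/0 and /data/media/obb. The neverallow is checked when the policy is built, so a leftover mkdir in an init script would presumably surface as an avc denial on boot rather than a build failure. The commit message should name the change that moves this creation to vold, and a comment beside the exclusions would help, e.g. `# /data/user and /data/media entries are created by vold only; see the neverallow in private/vold.te.` The allow rule's class and permission list lie outside both hunks, so the exact permissions being dropped cannot be confirmed from here.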
@@ -223,6 +224,7 @@
   -system_app_data_file
   -system_dlkm_file_type
   -system_file_type
+  -system_userdir_file
   -vendor_file_type
   -vendor_userdir_file
   -vold_data_file