Policy for overlay_remounter Note - type definitions moved outside the userdebug_or_eng macro to avoid breaking user builds. User build (lynx-trunk_staging-user) built and flashed to avoid a repeat of b/392686305 Test: system/core/fs_mgr/tests/adb-remount-test.sh Bug: 388912628 Change-Id: Ice404a0b798a4dcbfcafb10d5b114807b21dca10

commit: 840b607104c13e51e99edc991cf70cc4a033ea7f [log] [tgz]
author: Paul Lawrence <paullawrence@google.com> Tue Jan 28 07:41:05 2025 -0800
committer: Paul Lawrence <paullawrence@google.com> Tue Jan 28 07:44:41 2025 -0800
tree: 0d10cc7b0a910a9d79b5727177fd14f5c9ae8d86
parent: 86fb1ca1a4aa8798f236c7014d49846b8d8a5fed [diff] [blame]
diff --git a/private/incident_helper.te b/private/incident_helper.te
index b453855..cdaf144 100644
--- a/private/incident_helper.te
+++ b/private/incident_helper.te

@@ -11,4 +11,13 @@
 allow incident_helper incidentd:unix_stream_socket { read write };
 
 # only allow incidentd and shell to call incident_helper
-neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
+neverallow {
+    domain
+    -incidentd
+    -incident_helper
+    -shell
+    userdebug_or_eng(`-overlay_remounter')
+} incident_helper_exec:file {
+    execute
+    execute_no_trans
+};
commit	840b607104c13e51e99edc991cf70cc4a033ea7f	[log] [tgz]
author	Paul Lawrence <paullawrence@google.com>	Tue Jan 28 07:41:05 2025 -0800
committer	Paul Lawrence <paullawrence@google.com>	Tue Jan 28 07:44:41 2025 -0800
tree	0d10cc7b0a910a9d79b5727177fd14f5c9ae8d86
parent	86fb1ca1a4aa8798f236c7014d49846b8d8a5fed [diff] [blame]