Revert "Policy for overlay_remounter" This reverts commit 879909f4d6e803f74cb2c24ba24183ef05574aa7. Reason for revert: New Build Breakage: git_main/husky-next-user @ 12974710 Change-Id: I1b5ea9552632ee081966e76875799b61058c3cb5

commit: 874e97492d7c7696a724a4c5f2f02cac8aba822c [log] [tgz]
author: Paul Lawrence <paullawrence@google.com> Mon Jan 27 13:29:30 2025 -0800
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Jan 27 13:29:30 2025 -0800
tree: 3a79ef904934f58f369efffcbfda3696534ce514
parent: 879909f4d6e803f74cb2c24ba24183ef05574aa7 [diff] [blame]
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
index 95bdd1c..259c402 100644
--- a/private/virtualizationmanager.te
+++ b/private/virtualizationmanager.te

@@ -115,16 +115,8 @@
 r_dir_file(virtualizationmanager, vendor_microdroid_file)
 
 # Do not allow writing vendor_microdroid_file from any process.
-neverallow {
-  domain
-  recovery_only(`userdebug_or_eng(`-fastbootd')')
-  userdebug_or_eng(`-overlay_remounter')
-} vendor_microdroid_file:dir no_w_dir_perms;
-neverallow {
-  domain
-  recovery_only(`userdebug_or_eng(`-fastbootd')')
-  userdebug_or_eng(`-overlay_remounter')
-} vendor_microdroid_file:file no_w_file_perms;
+neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') } vendor_microdroid_file:dir no_w_dir_perms;
+neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') } vendor_microdroid_file:file no_w_file_perms;
 
 # Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
 r_dir_file(virtualizationmanager, crosvm);
commit	874e97492d7c7696a724a4c5f2f02cac8aba822c	[log] [tgz]
author	Paul Lawrence <paullawrence@google.com>	Mon Jan 27 13:29:30 2025 -0800
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Jan 27 13:29:30 2025 -0800
tree	3a79ef904934f58f369efffcbfda3696534ce514
parent	879909f4d6e803f74cb2c24ba24183ef05574aa7 [diff] [blame]