Policy for overlay_remounter Test: Manual Bug: 388912628 Change-Id: I9f27647f0e8d3ece229e7a46d50d54aa1f76fd76

commit: 879909f4d6e803f74cb2c24ba24183ef05574aa7 [log] [tgz]
author: Paul Lawrence <paullawrence@google.com> Fri Jan 24 12:56:34 2025 -0800
committer: Paul Lawrence <paullawrence@google.com> Mon Jan 27 12:39:07 2025 -0800
tree: 4834e84ecff857a17a2f52a79a2c8c8fb1f2bc80
parent: 1d45424c6a75cf46caaa8cc281ffbf2207d960bb [diff] [blame]
diff --git a/private/incident.te b/private/incident.te
index db9ae86..19db7d7 100644
--- a/private/incident.te
+++ b/private/incident.te

@@ -34,4 +34,14 @@
 allow incident incidentd:fifo_file write;
 
 # only allow incident being called by shell or dumpstate
-neverallow { domain -su -shell -incident -dumpstate} incident_exec:file { execute execute_no_trans };
+neverallow {
+    domain
+    -su
+    -shell
+    -incident
+    -dumpstate
+    userdebug_or_eng(`-overlay_remounter')
+} incident_exec:file {
+    execute
+    execute_no_trans
+};
commit	879909f4d6e803f74cb2c24ba24183ef05574aa7	[log] [tgz]
author	Paul Lawrence <paullawrence@google.com>	Fri Jan 24 12:56:34 2025 -0800
committer	Paul Lawrence <paullawrence@google.com>	Mon Jan 27 12:39:07 2025 -0800
tree	4834e84ecff857a17a2f52a79a2c8c8fb1f2bc80
parent	1d45424c6a75cf46caaa8cc281ffbf2207d960bb [diff] [blame]