commit 879909f4d6e803f74cb2c24ba24183ef05574aa7
author Paul Lawrence <paullawrence@google.com> Fri Jan 24 12:56:34 2025 -0800
committer Paul Lawrence <paullawrence@google.com> Mon Jan 27 12:39:07 2025 -0800
tree 4834e84ecff857a17a2f52a79a2c8c8fb1f2bc80
parent 1d45424c6a75cf46caaa8cc281ffbf2207d960bb

Policy for overlay_remounter

Test: Manual
Bug: 388912628
Change-Id: I9f27647f0e8d3ece229e7a46d50d54aa1f76fd76

private/incident_helper.te

diff --git a/private/incident_helper.te b/private/incident_helper.te
index b453855..cdaf144 100644
--- a/private/incident_helper.te
+++ b/private/incident_helper.te
@@ -11,4 +11,13 @@
 allow incident_helper incidentd:unix_stream_socket { read write };
 
 # only allow incidentd and shell to call incident_helper
-neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
+neverallow {
+    domain
+    -incidentd
+    -incident_helper
+    -shell
+    userdebug_or_eng(`-overlay_remounter')
+} incident_helper_exec:file {
+    execute
+    execute_no_trans
+};