Merge "remount: Allow 'shell' to run 'remount_exec' domain"

commit: b888a092b578b118fe676c24cdc1e26e16889b64 [log] [tgz]
author: Yi-yo Chiang <yochiang@google.com> Fri Nov 04 04:44:00 2022 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Nov 04 04:44:00 2022 +0000
tree: 9108c894389440f031f3e805e5af78c56a59d093
parent: f12e949b6cf13f3eec666a66074c5338843dbcd3 [diff]
parent: 686d77913d2d04fe74cb7659e61abb66dbd37c5a [diff]
diff --git a/private/shell.te b/private/shell.te
index c20e612..6a7c629 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -121,6 +121,9 @@
   allow shell profcollectd:binder call;
 ')
 
+# Allow shell to run remount command.
+allow shell remount_exec:file rx_file_perms;
+
 # Allow shell to call perf_event_open for profiling other shell processes, but
 # not the whole system.
 allow shell self:perf_event { open read write kernel };
commit	b888a092b578b118fe676c24cdc1e26e16889b64	[log] [tgz]
author	Yi-yo Chiang <yochiang@google.com>	Fri Nov 04 04:44:00 2022 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Nov 04 04:44:00 2022 +0000
tree	9108c894389440f031f3e805e5af78c56a59d093
parent	f12e949b6cf13f3eec666a66074c5338843dbcd3 [diff]
parent	686d77913d2d04fe74cb7659e61abb66dbd37c5a [diff]