Merge "Root of /data belongs to init"

commit: b935b6c664663039363830d0fd6c9976da887d6b [log] [tgz]
author: Paul Crowley <paulcrowley@google.com> Fri Aug 30 05:23:12 2019 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Aug 30 05:23:12 2019 +0000
tree: 7ee36dd6629a99041906af72ab46712df0af96b8
parent: 845e04ba73270555f9ab70248a13a61fd3286609 [diff]
parent: 206b6535f1b6793480062cb3d90f7e0af1004435 [diff]
diff --git a/private/fsverity_init.te b/private/fsverity_init.te
index c6a5edd..d0e13b4 100644
--- a/private/fsverity_init.te
+++ b/private/fsverity_init.te

@@ -23,3 +23,8 @@
 # already registered algorithm with that name. If it fails, the kernel creates
 # an implementation of the algorithm from templates.
 dontaudit fsverity_init kernel:system module_request;
+
+# TODO(b/132323675): remove once kernel bug is fixed.
+userdebug_or_eng(`
+  dontaudit fsverity_init self:capability sys_admin;
+')
commit	b935b6c664663039363830d0fd6c9976da887d6b	[log] [tgz]
author	Paul Crowley <paulcrowley@google.com>	Fri Aug 30 05:23:12 2019 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Aug 30 05:23:12 2019 +0000
tree	7ee36dd6629a99041906af72ab46712df0af96b8
parent	845e04ba73270555f9ab70248a13a61fd3286609 [diff]
parent	206b6535f1b6793480062cb3d90f7e0af1004435 [diff]