Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / ffe786ebd74d86af0c46a19dcc568306b3f54aa3^! / . / private / vold.te
commitffe786ebd74d86af0c46a19dcc568306b3f54aa3[log] [tgz]
authorYo Chiang <yochiang@google.com>Wed Oct 07 13:59:52 2020 +0800
committerYo Chiang <yochiang@google.com>Fri Oct 23 20:30:00 2020 +0800
tree2190ea147a8938ea845913a149ff5d8a837392cd
parentc1eb80e302f3a23c9dbbea8ab1fa8a972ff8bf30 [diff] [blame]
Allow gsid to find and binder-call vold

Bug: 168571434
Test: 1. Install a DSU system.
  2. Boot the DSU system and reboot back to the host system.
  3. Wipe the DSU installation.
  4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is
     destroyed.
Change-Id: I229a02abb7bd1f070bb078bdaf89fb27cc4bfa47

diff --git a/private/vold.te b/private/vold.te
index 0f464a9..09388f1 100644
--- a/private/vold.te
+++ b/private/vold.te

@@ -44,3 +44,12 @@
     use
 };
 
+neverallow {
+    domain
+    -system_server
+    -vdc
+    -vold
+    -update_verifier
+    -apexd
+    -gsid
+} vold_service:service_manager find;