NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[ALPS04631260] skip selinux violation log for fstrim vendor folder

Browse Source 
vold cannot do fstrim on vendor folders (ex: nvdata, protect_f)
because of never allow rule.
Thus, skip selinux violation log for fstrim vendor folder.

MTK-Commit-Id: cf15f3ec6ae93e65c1f13b22f044e766a63eaece

Change-Id: I9c26ee000b8554df7abb03141ecf73a78d727f87
CR-Id: ALPS04631260
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
This commit is contained in:
Denis Hsu 2020-01-18 10:15:00 +08:00
parent 5d35b26aba
commit 346ca0c012
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
non_plat/vold.te
View File

@ -25,3 +25,9 @@ dontaudit vold proc_thermal:dir { read open };
allow vold mdlog_data_file:dir { create_dir_perms }; allow vold mdlog_data_file:dir { create_dir_perms };
allow vold mtd_device:blk_file rw_file_perms; allow vold mtd_device:blk_file rw_file_perms;
# dontaudit for fstrim on 'vendor' folder
dontaudit vold nvdata_file:dir r_dir_perms;
dontaudit vold nvcfg_file:dir r_dir_perms;
dontaudit vold protect_f_data_file:dir r_dir_perms;
dontaudit vold protect_s_data_file:dir r_dir_perms;