Actually, that neverallow only restricts the ability to mount filesystems other than those with sdcard_type (fs_type -sdcard_type means all types with fs_type except those with sdcard_type). What is your configuration for ecryptfs (fs_use or genfs_contexts entry)?
On Fri, Oct 16, 2015 at 5:41 AM, Dong Zhou <[email protected]> wrote: > Hi, SE gurus > > > I have a question about CTS neverallow noncompliance. > > In domain.te, we have this statement > > neverallow { domain -kernel -init -recovery -vold -zygote } { fs_type > -sdcard_type }:filesystem { mount remount relabelfrom relabelto }; > > which basically saying only selected few processes can mount sdcard_type of > filesystem. > > However, we have a real need to for our device to mount ecryptfs in one of > our native processes. > > To make our process work, we need to tweak the neverallow, which will > trigger CTS noncompliance. > > > How should we handle this type of scenario? Please kindly advise. > > > Thanks > > > Joe > > > > > Nothing in this message is intended to constitute an electronic signature > unless a specific statement to the contrary is included in this message. > > Confidentiality Note: This message is intended only for the person or entity > to which it is addressed. It may contain confidential and/or privileged > material. Any review, transmission, dissemination or other use, or taking of > any action in reliance upon this message by persons or entities other than > the intended recipient is prohibited and may be unlawful. If you received > this message in error, please contact the sender and delete it from your > computer. > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected]. _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
