On Oct 16, 2015 2:44 AM, "Dong Zhou" <[email protected]> wrote: > > Hi, SE gurus > > > I have a question about CTS neverallow noncompliance. > > In domain.te, we have this statement > > neverallow { domain -kernel -init -recovery -vold -zygote } { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto }; > > which basically saying only selected few processes can mount sdcard_type of filesystem.
No its saying only a few domains can mount filesystem other than sdcard_type > > However, we have a real need to for our device to mount ecryptfs in one of our native processes. > > To make our process work, we need to tweak the neverallow, which will trigger CTS noncompliance. > > > How should we handle this type of scenario? Please kindly advise. > Have init or vold mount your filesystem. I would do it in a oneshot service in init. The onyshot service could then notify the process that needs the mount that it's ready. > > Thanks > > > Joe > > > > > Nothing in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message. > > Confidentiality Note: This message is intended only for the person or entity to which it is addressed. It may contain confidential and/or privileged material. Any review, transmission, dissemination or other use, or taking of any action in reliance upon this message by persons or entities other than the intended recipient is prohibited and may be unlawful. If you received this message in error, please contact the sender and delete it from your computer. > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to [email protected].
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
