From f15fe5de4b2683d75c3fe58f3043320292e614de Mon Sep 17 00:00:00 2001
From: Sandeep Patil
Date: Mon, 19 Jun 2017 15:16:52 -0700
Subject: [PATCH] init_ese: use vendor shell and toybox in ese script

Bug: 38447496
Bug: 37364044
Bug: 37914554
Test: Build and boot walleye
Test: No denials for init_ese requireing access for /data (b/t37914554)
Change-Id: Ifce97fd50c4d2b0f49460ff37bcc01a281a6c700
Signed-off-by: Sandeep Patil
---
 sepolicy/vendor/init_ese.te | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/sepolicy/vendor/init_ese.te b/sepolicy/vendor/init_ese.te
index 200e2772..cbc76a60 100644
--- a/sepolicy/vendor/init_ese.te
+++ b/sepolicy/vendor/init_ese.te
@@ -1,13 +1,12 @@
 # /vendor/bin/ese_load init called shell script.
-# TODO: Update system_violators for b/38447496
-type init_ese, domain, vendor_executes_system_violators;
+type init_ese, domain;
 type init_ese_exec, exec_type, vendor_file_type, file_type;

 init_daemon_domain(init_ese)

 # Shell script exec (toolbox)
-allow init_ese shell_exec:file r_file_perms;
-allow init_ese toolbox_exec:file rx_file_perms;
+allow init_ese vendor_shell_exec:file r_file_perms;
+allow init_ese vendor_toolbox_exec:file rx_file_perms;

 # eSE tools
 allow init_ese esed_exec:file rx_file_perms;
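Review bot: The comment `# Shell script exec (toolbox)` above the two changed allow rules no longer says what matters about them, and nothing records why the domain must stay on the vendor_* types now that `vendor_executes_system_violators` has been dropped from the `type init_ese` line. I would reword it to something like `# Shell script exec: vendor shell and vendor toolbox only; init_ese must not execute system-partition binaries`, so a later edit does not quietly reintroduce `shell_exec` or `toolbox_exec`. The asymmetry carried over from the old rules (`r_file_perms` on the shell, `rx_file_perms` on the toolbox) is also unexplained; presumably the interpreter only needs to be read while the tools are executed, but a one-line comment confirming that would keep someone from widening the shell rule. The policy file continues past the end of this hunk, so rules outside it were not reviewed.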