From 98bc1a88acf5083e4ed56dd5c8583397adb3fe71 Mon Sep 17 00:00:00 2001 From: Paul Crowley Date: Mon, 26 Jun 2017 13:56:10 -0700 Subject: [PATCH] Allow init_ese to run grep Bug: 62586642 Test: selinux denial on grep no longer seen. Change-Id: I61847f5a5f460fc8efef5a772eae3a0559634b40 (cherry picked from commit 1478bd41b46bd700954a08cab816918bff6c40c3) --- sepolicy/vendor/init_ese.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sepolicy/vendor/init_ese.te b/sepolicy/vendor/init_ese.te index cbc76a60..59ab771e 100644 --- a/sepolicy/vendor/init_ese.te +++ b/sepolicy/vendor/init_ese.te @@ -15,3 +15,5 @@ allow init_ese esed_exec:file rx_file_perms; allow init_ese pn81a_device:chr_file rw_file_perms; allow init_ese ese_vendor_data_file:dir create_dir_perms; allow init_ese ese_vendor_data_file:file create_file_perms; + +allow init_ese vendor_file:file execute_no_trans;