From 1c708f0110715d9e3712122204e55ee220c5ff69 Mon Sep 17 00:00:00 2001
From: Caio Schnepper <caioschnepper@gmail.com>
Date: Sat, 29 Aug 2015 00:31:10 -0300
Subject: [PATCH] sepolicy: Address SELinux denials

Change-Id: Ice8f2890fbade59d063097ac3ee3647f24e8d3ad
---
 BoardCommonConfig.mk     | 1 +
 selinux/healthd.te       | 1 +
 selinux/system_server.te | 1 +
 selinux/vold.te          | 2 +-
 4 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 selinux/healthd.te

diff --git a/BoardCommonConfig.mk b/BoardCommonConfig.mk
index fcd79df..8d6814c 100644
--- a/BoardCommonConfig.mk
+++ b/BoardCommonConfig.mk
@@ -162,6 +162,7 @@ BOARD_SEPOLICY_UNION += \
     dumpstate.te \
     file.te \
     file_contexts \
+    healthd.te \
     init.te \
     kernel.te \
     mediaserver.te \
diff --git a/selinux/healthd.te b/selinux/healthd.te
new file mode 100644
index 0000000..a7ec774
--- /dev/null
+++ b/selinux/healthd.te
@@ -0,0 +1 @@
+allow healthd device:dir r_dir_perms;
diff --git a/selinux/system_server.te b/selinux/system_server.te
index 970da27..5ae729d 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -3,3 +3,4 @@ allow system_server sysfs_display:file { read write getattr open };
 allow system_server efs_file:dir { search };
 allow system_server efs_file:file { read open write };
 allow system_server efs_device_file:dir search;
+allow system_server fuse:dir search;
diff --git a/selinux/vold.te b/selinux/vold.te
index 7bf2310..b31b92d 100644
--- a/selinux/vold.te
+++ b/selinux/vold.te
@@ -1,3 +1,3 @@
 allow vold sdcard_external:file rw_file_perms;
-allow vold efs_device_file:dir rw_file_perms;
+allow vold efs_device_file:dir rw_dir_perms;
 allow vold efs_device_file:file rw_file_perms;