replicant-vendor_replicant/sepolicy/vold.te

24 lines
728 B
Plaintext
Raw Normal View History

domain_trans(init, rootfs, vold)
# Allow vold to manage ASEC
allow vold sdcard_external:file create_file_perms;
allow vold vold_tmpfs:file create_file_perms;
# Allow vold to access fuse for fuse-based fs
allow vold fuse_device:chr_file rw_file_perms;
# NTFS-3g wants to drop permission
allow vold self:capability { setgid setuid };
# Vold can also run as minivold in the rootfs
recovery_only(`
allow vold rootfs:dir { add_name write };
allow vold rootfs:file execute_no_trans;
allow vold vold_tmpfs:file link;
')
# External storage
allow vold storage_stub_file:dir { rw_file_perms search add_name };
allow vold mnt_media_rw_stub_file:dir r_dir_perms;
allow vold mkfs_exec:file { execute read open execute_no_trans };