cm: sepolicy: fix denials for external storage

Change-Id: I784a859671c69370cab0118a88a5fb0190352af9
2016-01-01 17:29:10 +01:00 · 2016-01-01 17:29:10 +01:00 · 14e765cd71
parent 053b1805da
commit 14e765cd71
4 changed files with 11 additions and 0 deletions
--- a/sepolicy/fsck_untrusted.te
+++ b/sepolicy/fsck_untrusted.te
@ -0,0 +1,2 @@
+# External storage
+allow fsck_untrusted self:capability sys_admin;
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@ -1 +1,3 @@
 genfscon fuseblk / u:object_r:sdcard_external:s0
+genfscon exfat / u:object_r:sdcard_external:s0
+genfscon ntfs / u:object_r:sdcard_external:s0
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@ -4,3 +4,5 @@ allow system_server recovery_cache_file:file create_file_perms;
 # Persistent properties
 allow system_server persist_property_file:dir rw_dir_perms;
 allow system_server persist_property_file:file { create_file_perms unlink };
+
+allow system_server storage_stub_file:dir { getattr };
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@ -14,3 +14,8 @@ allow vold self:capability { setgid setuid };
 recovery_only(`
  allow vold rootfs:dir { add_name write };
 ')
+
+# External storage
+allow vold storage_stub_file:dir { rw_file_perms search add_name };
+allow vold mnt_media_rw_stub_file:dir r_dir_perms;
+allow vold mkfs_exec:file { execute read open execute_no_trans };