From 4a24ffeb6a44b2a044c2c3ce4e5aad8956e7157a Mon Sep 17 00:00:00 2001 From: Steve Kondik Date: Mon, 25 Jul 2016 22:11:33 -0700 Subject: [PATCH] sepolicy: More policy for sdcardfs Change-Id: Iddc6f86bd1e4b9942139acf9b7e75279b3865b8a --- sepolicy/file_contexts | 7 +++++++ sepolicy/system_server.te | 2 ++ 2 files changed, 9 insertions(+) diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index 706c84a9..c0ed4fe8 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -55,3 +55,10 @@ # bash /system/xbin/bash u:object_r:shell_exec:s0 + +# emulated storage via sdcardfs +/mnt/runtime/(default|read|write)/emulated/[0-9](/.*)? u:object_r:media_rw_data_file:s0 +/storage/emulated/[0-9](/.*)? u:object_r:media_rw_data_file:s0 +/mnt/shell/emulated/([1-9])?[0-9](/.*)? u:object_r:media_rw_data_file:s0 +/data/media\.tmp(/.*)? u:object_r:media_rw_data_file:s0 + diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index 6aaf50c6..39ee9356 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -7,3 +7,5 @@ allow system_server persist_property_file:dir rw_dir_perms; allow system_server persist_property_file:file { create_file_perms unlink }; allow system_server storage_stub_file:dir { getattr }; + +allow system_server media_rw_data_file:dir r_dir_perms;