From 511152cd2c67e7f965fdbf451111522f898a2584 Mon Sep 17 00:00:00 2001
From: Matt Mower <mowerm@gmail.com>
Date: Sun, 27 Dec 2015 12:26:23 -0600
Subject: [PATCH] sepolicy: Allow minivold execute_no_trans

After assimilating minivold into /sbin/recovery, we need to allow the
minivold service (a symlink to the recovery binary) to transition from
the recovery to the vold domain.

Change-Id: I112e6d371a8da8fc55a06967852c869105190616
---
 sepolicy/vold.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index efca286b..0c50c71b 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -13,6 +13,7 @@ allow vold self:capability { setgid setuid };
 # Vold can also run as minivold in the rootfs
 recovery_only(`
   allow vold rootfs:dir { add_name write };
+  allow vold rootfs:file execute_no_trans;
 ')
 
 # External storage