Grant platform apps access to /mnt/media_rw with sdcard_posix label

Also allow apps to read the contents of mounted OBBs. See AOSP Change-Id: I66df236eade3ca25a10749dd43d173ff4628cfad and Change-Id: I49b722b24c1c7d9ab084ebee7c1e349d8d660ffa Change-Id: I757a2a8831c69d41c0496025a39eaf79ceb0e65f
author: Jani Lusikka <jani.lusikka@gmail.com> 2016-01-16 00:04:18 +0200
committer: Gerrit Code Review <gerrit@cyanogenmod.org> 2016-01-24 14:39:42 -0800
commit: 8c780755f2ce005de4a7391d8ca142149861ca68 (patch)
tree: fbee78a32e859eb293ce83af50a2a05180726e46 /sepolicy/platform_app.te
parent: 580bc0afa288450dcba71609173886cbc94166b4 (diff)
download: vendor_replicant-8c780755f2ce005de4a7391d8ca142149861ca68.zip
vendor_replicant-8c780755f2ce005de4a7391d8ca142149861ca68.tar.gz
vendor_replicant-8c780755f2ce005de4a7391d8ca142149861ca68.tar.bz2
1 files changed, 4 insertions, 0 deletions
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
new file mode 100644
index 0000000..db8647d
--- /dev/null
+++ b/sepolicy/platform_app.te
@@ -0,0 +1,4 @@
+# Direct access to vold-mounted storage under /mnt/media_rw
+# This is a performance optimization that allows platform apps to bypass the FUSE layer
+allow platform_app sdcard_posix:dir create_dir_perms;
+allow platform_app sdcard_posix:file create_file_perms;
author	Jani Lusikka <jani.lusikka@gmail.com>	2016-01-16 00:04:18 +0200
committer	Gerrit Code Review <gerrit@cyanogenmod.org>	2016-01-24 14:39:42 -0800
commit	8c780755f2ce005de4a7391d8ca142149861ca68 (patch)
tree	fbee78a32e859eb293ce83af50a2a05180726e46 /sepolicy/platform_app.te
parent	580bc0afa288450dcba71609173886cbc94166b4 (diff)
download	vendor_replicant-8c780755f2ce005de4a7391d8ca142149861ca68.zip vendor_replicant-8c780755f2ce005de4a7391d8ca142149861ca68.tar.gz vendor_replicant-8c780755f2ce005de4a7391d8ca142149861ca68.tar.bz2