diff options
author | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2016-02-03 12:23:07 +0100 |
---|---|---|
committer | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2016-02-03 12:23:07 +0100 |
commit | 5b2d5516ff1443a7f6eca087b430e6e47f7393f4 (patch) | |
tree | ce44be2d4a37b302e7e675a135a5187f82232808 /sepolicy | |
parent | 46b133c04103ff2e2d5c98710a1e1ec8dbc5efc5 (diff) | |
parent | 34b5b9756cdc86ab9491938c8519b7ae8beecb6d (diff) | |
download | vendor_replicant-5b2d5516ff1443a7f6eca087b430e6e47f7393f4.zip vendor_replicant-5b2d5516ff1443a7f6eca087b430e6e47f7393f4.tar.gz vendor_replicant-5b2d5516ff1443a7f6eca087b430e6e47f7393f4.tar.bz2 |
Merge branch 'cm-13.0' of https://github.com/CyanogenMod/android_vendor_cm into replicant-6.0
Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
Conflicts:
overlay/common/frameworks/base/core/res/res/drawable-nodpi/default_wallpaper.jpg
overlay/common/frameworks/base/core/res/res/drawable-sw600dp-nodpi/default_wallpaper.jpg
overlay/common/frameworks/base/core/res/res/drawable-sw720dp-nodpi/default_wallpaper.jpg
overlay/common/frameworks/base/core/res/res/drawable-xhdpi/default_wallpaper.jpg
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/app.te | 5 | ||||
-rw-r--r-- | sepolicy/platform_app.te | 4 | ||||
-rw-r--r-- | sepolicy/recovery.te | 4 |
3 files changed, 13 insertions, 0 deletions
diff --git a/sepolicy/app.te b/sepolicy/app.te index 761eb5f..e590efe 100644 --- a/sepolicy/app.te +++ b/sepolicy/app.te @@ -1,3 +1,8 @@ +# Access OBBs (sdcard_posix) mounted by vold +# File write access allowed for FDs returned through Storage Access Framework +allow appdomain sdcard_posix:dir r_dir_perms; +allow appdomain sdcard_posix:file rw_file_perms; + # Themed resources (i.e. composed icons) allow appdomain theme_data_file:dir r_dir_perms; allow appdomain theme_data_file:file r_file_perms; diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te new file mode 100644 index 0000000..db8647d --- /dev/null +++ b/sepolicy/platform_app.te @@ -0,0 +1,4 @@ +# Direct access to vold-mounted storage under /mnt/media_rw +# This is a performance optimization that allows platform apps to bypass the FUSE layer +allow platform_app sdcard_posix:dir create_dir_perms; +allow platform_app sdcard_posix:file create_file_perms; diff --git a/sepolicy/recovery.te b/sepolicy/recovery.te index e2efee4..76e7a62 100644 --- a/sepolicy/recovery.te +++ b/sepolicy/recovery.te @@ -30,6 +30,10 @@ allow recovery sdcard_posix:file r_file_perms; allow recovery recovery_prop:property_service set; # recursive rm for wipes... :( +allow app_data_file self:filesystem associate; +allow recovery app_data_file:file { read open create write }; +allow recovery app_data_file:filesystem { relabelto relabelfrom mount unmount }; + allow recovery file_type:dir { rw_dir_perms rmdir }; allow recovery file_type:notdevfile_class_set { unlink getattr }; # wipe saves and restores the layout version |