diff options
| author | Jani Lusikka <jani.lusikka@gmail.com> | 2016-01-16 00:04:18 +0200 |
|---|---|---|
| committer | Gerrit Code Review <gerrit@cyanogenmod.org> | 2016-01-24 14:39:42 -0800 |
| commit | 8c780755f2ce005de4a7391d8ca142149861ca68 (patch) | |
| tree | fbee78a32e859eb293ce83af50a2a05180726e46 /sepolicy | |
| parent | 580bc0afa288450dcba71609173886cbc94166b4 (diff) | |
| download | vendor_replicant-8c780755f2ce005de4a7391d8ca142149861ca68.zip vendor_replicant-8c780755f2ce005de4a7391d8ca142149861ca68.tar.gz vendor_replicant-8c780755f2ce005de4a7391d8ca142149861ca68.tar.bz2 | |
Grant platform apps access to /mnt/media_rw with sdcard_posix label
Also allow apps to read the contents of mounted OBBs.
See AOSP Change-Id: I66df236eade3ca25a10749dd43d173ff4628cfad
and Change-Id: I49b722b24c1c7d9ab084ebee7c1e349d8d660ffa
Change-Id: I757a2a8831c69d41c0496025a39eaf79ceb0e65f
Diffstat (limited to 'sepolicy')
| -rw-r--r-- | sepolicy/app.te | 5 | ||||
| -rw-r--r-- | sepolicy/platform_app.te | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/sepolicy/app.te b/sepolicy/app.te index 761eb5f..e590efe 100644 --- a/sepolicy/app.te +++ b/sepolicy/app.te @@ -1,3 +1,8 @@ +# Access OBBs (sdcard_posix) mounted by vold +# File write access allowed for FDs returned through Storage Access Framework +allow appdomain sdcard_posix:dir r_dir_perms; +allow appdomain sdcard_posix:file rw_file_perms; + # Themed resources (i.e. composed icons) allow appdomain theme_data_file:dir r_dir_perms; allow appdomain theme_data_file:file r_file_perms; diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te new file mode 100644 index 0000000..db8647d --- /dev/null +++ b/sepolicy/platform_app.te @@ -0,0 +1,4 @@ +# Direct access to vold-mounted storage under /mnt/media_rw +# This is a performance optimization that allows platform apps to bypass the FUSE layer +allow platform_app sdcard_posix:dir create_dir_perms; +allow platform_app sdcard_posix:file create_file_perms; |