Merge branch 'cm-13.0' of https://github.com/CyanogenMod/android_vendor_cm into replicant-6.0

4 files changed, 12 insertions, 0 deletions

diff --git a/sepolicy/fsck_untrusted.te b/sepolicy/fsck_untrusted.te
new file mode 100644
index 0000000..5d12f76
--- /dev/null
+++ b/sepolicy/fsck_untrusted.te
@@ -0,0 +1,2 @@
+# External storage
+allow fsck_untrusted self:capability sys_admin;
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index cec9f01..b39d3dd 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -1 +1,3 @@
 genfscon fuseblk / u:object_r:sdcard_external:s0
+genfscon exfat / u:object_r:sdcard_external:s0
+genfscon ntfs / u:object_r:sdcard_external:s0
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index b6a65ee..a9000b6 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -4,3 +4,5 @@ allow system_server recovery_cache_file:file create_file_perms;
 # Persistent properties
 allow system_server persist_property_file:dir rw_dir_perms;
 allow system_server persist_property_file:file { create_file_perms unlink };
+
+allow system_server storage_stub_file:dir { getattr };
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 9b7313c..0c50c71 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -13,4 +13,10 @@ allow vold self:capability { setgid setuid };
 # Vold can also run as minivold in the rootfs
 recovery_only(`
   allow vold rootfs:dir { add_name write };
+  allow vold rootfs:file execute_no_trans;
 ')
+
+# External storage
+allow vold storage_stub_file:dir { rw_file_perms search add_name };
+allow vold mnt_media_rw_stub_file:dir r_dir_perms;
+allow vold mkfs_exec:file { execute read open execute_no_trans };