authorWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2016-01-02 14:12:03 +0100
committerWolfgang Wiedmeyer <wolfgit@wiedmeyer.de>2016-01-02 14:12:03 +0100
commita746591c4e4b3640b89f5b56fb2159da102b65f8 (patch)
tree6adaebdb313e99ee9e6fd8ab1dde1448ba0843ed /sepolicy
parent9e1fd3a74433f23e3b1c16d053abaeea3ef6c8bc (diff)
parent511152cd2c67e7f965fdbf451111522f898a2584 (diff)
Merge branch 'cm-13.0' of https://github.com/CyanogenMod/android_vendor_cm into replicant-6.0
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/fsck_untrusted.te2
-rw-r--r--sepolicy/genfs_contexts2
-rw-r--r--sepolicy/system_server.te2
-rw-r--r--sepolicy/vold.te6
4 files changed, 12 insertions, 0 deletions
diff --git a/sepolicy/fsck_untrusted.te b/sepolicy/fsck_untrusted.te
new file mode 100644
index 0000000..5d12f76
--- /dev/null
+++ b/sepolicy/fsck_untrusted.te
@@ -0,0 +1,2 @@
+# External storage
+allow fsck_untrusted self:capability sys_admin;
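Review bot: `sys_admin` is one of the broadest capabilities, and this rule grants it to `fsck_untrusted`, the domain that checks filesystems on external media, with only `# External storage` as justification. Nothing in the hunk shows which checker or operation needs it, so a reader cannot tell whether a narrower grant would do. I would record the motivating denial in the comment, for example `# <fsck tool> needs CAP_SYS_ADMIN for <operation>; see <avc denial>`, and confirm from the audit log that no smaller permission suffices.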
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index cec9f01..b39d3dd 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -1 +1,3 @@
genfscon fuseblk / u:object_r:sdcard_external:s0
+genfscon exfat / u:object_r:sdcard_external:s0
+genfscon ntfs / u:object_r:sdcard_external:s0
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index b6a65ee..a9000b6 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -4,3 +4,5 @@ allow system_server recovery_cache_file:file create_file_perms;
# Persistent properties
allow system_server persist_property_file:dir rw_dir_perms;
allow system_server persist_property_file:file { create_file_perms unlink };
+
+allow system_server storage_stub_file:dir { getattr };
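Review bot: The added rule has no comment of its own, so after the blank line it still reads as part of the `# Persistent properties` group. The other files in this change label their additions `# External storage`; the same header here would keep the policy auditable. The braces around the single permission can also go: `allow system_server storage_stub_file:dir getattr;`. The start of system_server.te is outside the hunk.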
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 9b7313c..0c50c71 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -13,4 +13,10 @@ allow vold self:capability { setgid setuid };
# Vold can also run as minivold in the rootfs
recovery_only(`
allow vold rootfs:dir { add_name write };
+ allow vold rootfs:file execute_no_trans;
')
+
+# External storage
+allow vold storage_stub_file:dir { rw_file_perms search add_name };
+allow vold mnt_media_rw_stub_file:dir r_dir_perms;
+allow vold mkfs_exec:file { execute read open execute_no_trans };
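Review bot: The last rule gives vold `execute_no_trans` on `mkfs_exec`, so the formatting tools run inside the vold domain with all of vold's permissions rather than in a confined domain of their own. If a domain for them exists or can be added, a transition such as `domain_auto_trans(vold, mkfs_exec, <mkfs_domain>)` would keep a fault in a mkfs binary from inheriting vold's access; the domain name is a placeholder, since none is visible here. Separately, `rw_file_perms` is a file-class macro applied to `storage_stub_file:dir`; listing only the directory permissions needed makes the grant easier to audit, e.g. `{ r_dir_perms write add_name }` if the intent is to create entries. The start of vold.te is outside the hunk.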