diff options
author | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2016-01-02 14:12:03 +0100 |
---|---|---|
committer | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2016-01-02 14:12:03 +0100 |
commit | a746591c4e4b3640b89f5b56fb2159da102b65f8 (patch) | |
tree | 6adaebdb313e99ee9e6fd8ab1dde1448ba0843ed /sepolicy | |
parent | 9e1fd3a74433f23e3b1c16d053abaeea3ef6c8bc (diff) | |
parent | 511152cd2c67e7f965fdbf451111522f898a2584 (diff) | |
download | vendor_replicant-a746591c4e4b3640b89f5b56fb2159da102b65f8.zip vendor_replicant-a746591c4e4b3640b89f5b56fb2159da102b65f8.tar.gz vendor_replicant-a746591c4e4b3640b89f5b56fb2159da102b65f8.tar.bz2 |
Merge branch 'cm-13.0' of https://github.com/CyanogenMod/android_vendor_cm into replicant-6.0
Diffstat (limited to 'sepolicy')
-rw-r--r-- | sepolicy/fsck_untrusted.te | 2 | ||||
-rw-r--r-- | sepolicy/genfs_contexts | 2 | ||||
-rw-r--r-- | sepolicy/system_server.te | 2 | ||||
-rw-r--r-- | sepolicy/vold.te | 6 |
4 files changed, 12 insertions, 0 deletions
diff --git a/sepolicy/fsck_untrusted.te b/sepolicy/fsck_untrusted.te new file mode 100644 index 0000000..5d12f76 --- /dev/null +++ b/sepolicy/fsck_untrusted.te @@ -0,0 +1,2 @@ +# External storage +allow fsck_untrusted self:capability sys_admin; diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts index cec9f01..b39d3dd 100644 --- a/sepolicy/genfs_contexts +++ b/sepolicy/genfs_contexts @@ -1 +1,3 @@ genfscon fuseblk / u:object_r:sdcard_external:s0 +genfscon exfat / u:object_r:sdcard_external:s0 +genfscon ntfs / u:object_r:sdcard_external:s0 diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te index b6a65ee..a9000b6 100644 --- a/sepolicy/system_server.te +++ b/sepolicy/system_server.te @@ -4,3 +4,5 @@ allow system_server recovery_cache_file:file create_file_perms; # Persistent properties allow system_server persist_property_file:dir rw_dir_perms; allow system_server persist_property_file:file { create_file_perms unlink }; + +allow system_server storage_stub_file:dir { getattr }; diff --git a/sepolicy/vold.te b/sepolicy/vold.te index 9b7313c..0c50c71 100644 --- a/sepolicy/vold.te +++ b/sepolicy/vold.te @@ -13,4 +13,10 @@ allow vold self:capability { setgid setuid }; # Vold can also run as minivold in the rootfs recovery_only(` allow vold rootfs:dir { add_name write }; + allow vold rootfs:file execute_no_trans; ') + +# External storage +allow vold storage_stub_file:dir { rw_file_perms search add_name }; +allow vold mnt_media_rw_stub_file:dir r_dir_perms; +allow vold mkfs_exec:file { execute read open execute_no_trans }; |