platform_system_sepolicy/private/vold.te

# type_transition must be private policy the domain_trans rules could stay
# public, but conceptually should go with this
init_daemon_domain(vold)

# Switch to more restrictive domains when executing common tools
domain_auto_trans(vold, sgdisk_exec, sgdisk);
domain_auto_trans(vold, sdcardd_exec, sdcardd);

# For a handful of probing tools, we choose an even more restrictive
# domain when working with untrusted block devices
domain_trans(vold, shell_exec, blkid);
domain_trans(vold, shell_exec, blkid_untrusted);
domain_trans(vold, fsck_exec, fsck);
domain_trans(vold, fsck_exec, fsck_untrusted);

# Newly created storage dirs are always treated as mount stubs to prevent us
# from accidentally writing when the mount point isn't present.
type_transition vold storage_file:dir storage_stub_file;
type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;
Split general policy into public and private components. Divide policy into public and private components. This is the first step in splitting the policy creation for platform and non-platform policies. The policy in the public directory will be exported for use in non-platform policy creation. Backwards compatibility with it will be achieved by converting the exported policy into attribute-based policy when included as part of the non-platform policy and a mapping file will be maintained to be included with the platform policy that maps exported attributes of previous versions to the current platform version. Eventually we would like to create a clear interface between the platform and non-platform device components so that the exported policy, and the need for attributes is minimal. For now, almost all types and avrules are left in public. Test: Tested by building policy and running on device. Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c 2016-07-22 22:13:11 +02:00			`# type_transition must be private policy the domain_trans rules could stay`
			`# public, but conceptually should go with this`
			`init_daemon_domain(vold)`

			`# Switch to more restrictive domains when executing common tools`
			`domain_auto_trans(vold, sgdisk_exec, sgdisk);`
			`domain_auto_trans(vold, sdcardd_exec, sdcardd);`

			`# For a handful of probing tools, we choose an even more restrictive`
			`# domain when working with untrusted block devices`
			`domain_trans(vold, shell_exec, blkid);`
			`domain_trans(vold, shell_exec, blkid_untrusted);`
			`domain_trans(vold, fsck_exec, fsck);`
			`domain_trans(vold, fsck_exec, fsck_untrusted);`

			`# Newly created storage dirs are always treated as mount stubs to prevent us`
			`# from accidentally writing when the mount point isn't present.`
			`type_transition vold storage_file:dir storage_stub_file;`
			`type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;`