Merge "vold: grant perms from domain_deprecated"
This commit is contained in:
Jeffrey Vander Stoep
Gerrit Code Review
commit
1cf93217fa
1 changed files with 11 additions and 0 deletions
11
vold.te
11
vold.te
|
|
@ -8,6 +8,17 @@ init_daemon_domain(vold)
|
|||
domain_auto_trans(vold, sgdisk_exec, sgdisk);
|
||||
domain_auto_trans(vold, sdcardd_exec, sdcardd);
|
||||
|
||||
# Read already opened /cache files.
|
||||
allow vold cache_file:dir r_dir_perms;
|
||||
allow vold cache_file:file { getattr read };
|
||||
allow vold cache_file:lnk_file r_file_perms;
|
||||
|
||||
# Read access to pseudo filesystems.
|
||||
r_dir_file(vold, proc)
|
||||
r_dir_file(vold, proc_net)
|
||||
r_dir_file(vold, sysfs)
|
||||
r_dir_file(vold, rootfs)
|
||||
|
||||
# For a handful of probing tools, we choose an even more restrictive
|
||||
# domain when working with untrusted block devices
|
||||
domain_trans(vold, shell_exec, blkid);
|
||||
|
|
|
|||
Loading…
Reference in a new issue