Merge "Allow init and vold writing misc block device." into nyc-dev

am: 541e9d5 * commit '541e9d50d1ee071895b5e33c519018e5ce3635a1': Allow init and vold writing misc block device. Change-Id: Ifcf032d5afd8b576246ba5c8e00c039bbf6e8059
2016-04-09 01:09:28 +00:00 · 2016-04-09 01:09:28 +00:00 · 466fd7fac8
commit 466fd7fac8
parent 35d91f67a7 541e9d50d1
2 changed files with 6 additions and 0 deletions
--- a/init.te
+++ b/init.te
@ -329,6 +329,9 @@ allow init unencrypted_data_file:dir create_dir_perms;

 unix_socket_connect(init, vold, vold)

+# Raw writes to misc block device
+allow init misc_block_device:blk_file w_file_perms;
+
 ###
 ### neverallow rules
 ###
--- a/vold.te
+++ b/vold.te
@ -188,6 +188,9 @@ allow vold toolbox_exec:file rx_file_perms;
 allow vold user_profile_data_file:dir create_dir_perms;
 allow vold user_profile_foreign_dex_data_file:dir { getattr setattr };

+# Raw writes to misc block device
+allow vold misc_block_device:blk_file w_file_perms;
+
 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -vold -init } vold_data_file:dir *;