tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Rename sdcard_internal/external types."

Browse source
This commit is contained in:
Nick Kralevich 2014-07-10 16:49:04 +00:00 committed by Gerrit Code Review
commit 4da3bb1481
5 changed files with 12 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
app.te
View file

@ -116,8 +116,8 @@ allow appdomain radio_data_file:file { read write getattr };
allow untrusted_app system_app_data_file:file { read write getattr };
# Access SDcard via the fuse mount.
allow appdomain sdcard_internal:dir create_dir_perms;
allow appdomain sdcard_internal:file create_file_perms;
allow appdomain fuse:dir create_dir_perms;
allow appdomain fuse:file create_file_perms;
# Allow apps to use the USB Accessory interface.
# http://developer.android.com/guide/topics/connectivity/usb/accessory.html

6
file.te
View file

@ -28,8 +28,10 @@ type devpts, fs_type, mlstrustedobject;
type tmpfs, fs_type;
type shm, fs_type;
type mqueue, fs_type;
type sdcard_internal, sdcard_type, fs_type, mlstrustedobject;
type sdcard_external, sdcard_type, fs_type, mlstrustedobject;
type fuse, sdcard_type, fs_type, mlstrustedobject;
type vfat, sdcard_type, fs_type, mlstrustedobject;
typealias fuse alias sdcard_internal;
typealias vfat alias sdcard_external;
type debugfs, fs_type, mlstrustedobject;
type pstorefs, fs_type;
type functionfs, fs_type;

4
genfs_contexts
View file

@ -25,9 +25,9 @@ genfscon cgroup / u:object_r:cgroup:s0
# sysfs labels can be set by userspace.
genfscon sysfs / u:object_r:sysfs:s0
genfscon inotifyfs / u:object_r:inotify:s0
genfscon vfat / u:object_r:sdcard_external:s0
genfscon vfat / u:object_r:vfat:s0
genfscon debugfs / u:object_r:debugfs:s0
genfscon fuse / u:object_r:sdcard_internal:s0
genfscon fuse / u:object_r:fuse:s0
genfscon pstore / u:object_r:pstorefs:s0
genfscon functionfs / u:object_r:functionfs:s0
genfscon usbfs / u:object_r:usbfs:s0

2
kernel.te
View file

@ -35,7 +35,7 @@ dontaudit kernel self:security setenforce;
allow kernel self:security setcheckreqprot;
# MTP sync
allow kernel sdcard_internal:file { read write };
allow kernel fuse:file { read write };
###
### neverallow rules

9
recovery.te
View file

@ -87,13 +87,10 @@ recovery_only(`
# Use setfscreatecon() to label files for OTA updates.
allow recovery self:process setfscreate;
# Allow recovery to create a fuse filesystem, and read files from
# it. (Note that all files on fuse filesystems are labeled
# "sdcard_internal"; the simulated SD card is the only other user of
# fuse.)
# Allow recovery to create a fuse filesystem, and read files from it.
allow recovery fuse_device:chr_file rw_file_perms;
allow recovery sdcard_internal:dir r_dir_perms;
allow recovery sdcard_internal:file r_file_perms;
allow recovery fuse:dir r_dir_perms;
allow recovery fuse:file r_file_perms;
wakelock_use(recovery)