tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Confine sdcardd, but leave it permissive for now."

Browse source
This commit is contained in:
Nick Kralevich 2014-01-02 18:32:09 +00:00 committed by Gerrit Code Review
commit 588bb5c791
1 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
sdcardd.te
View file

@ -1,9 +1,23 @@
type sdcardd, domain;
permissive sdcardd;
type sdcardd_exec, exec_type, file_type;
init_daemon_domain(sdcardd)
unconfined_domain(sdcardd)
allow sdcardd cgroup:dir create_dir_perms;
allow sdcardd fuse_device:chr_file rw_file_perms;
allow sdcardd rootfs:dir mounton;
allow sdcardd sdcard_type:filesystem mount;
allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resource };
type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
allow sdcardd media_rw_data_file:dir create_dir_perms;
allow sdcardd media_rw_data_file:file create_file_perms;
# Read /data/system/packages.list.
allow sdcardd system_data_file:file r_file_perms;
# Compatibility for existing devices with /data/media in system_data_file.
# TODO: Remove these lines after we have guaranteed that /data/media has been relabeled to media_rw_data_file.
allow sdcardd system_data_file:dir create_dir_perms;
allow sdcardd system_data_file:file create_file_perms;