From 8a65aeca0e7b1db3de3a29a51a68a778738d1208 Mon Sep 17 00:00:00 2001
From: Daniel Rosenberg
Date: Tue, 13 Jun 2017 13:55:00 -0700
Subject: [PATCH] Add rules for vfat for sdcardfs
This adds parellel rules to the ones added for media_rw_data_file to allow apps to access vfat under sdcardfs. This should be reverted if sdcardfs is modified to alter the secontext it used for access to the lower filesystem
Change-Id: Idb123206ed2fac3ead88b0c1ed0b66952597ac65
Bug: 62584229
Test: Run android.appsecurity.cts.ExternalStorageHostTest with an external card formated as vfat
Signed-off-by: Daniel Rosenberg
---
 private/app.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/private/app.te b/private/app.te
index c87bd84f6..79adee071 100644
--- a/private/app.te
+++ b/private/app.te
@@ -207,8 +207,8 @@ allow { appdomain -isolated_app -ephemeral_app } sdcardfs:dir create_dir_perms;
 allow { appdomain -isolated_app -ephemeral_app } sdcardfs:file create_file_perms;
 # This should be removed if sdcardfs is modified to alter the secontext for its
 # accesses to the underlying FS.
-allow { appdomain -isolated_app -ephemeral_app } media_rw_data_file:dir create_dir_perms;
-allow { appdomain -isolated_app -ephemeral_app } media_rw_data_file:file create_file_perms;
+allow { appdomain -isolated_app -ephemeral_app } { media_rw_data_file vfat }:dir create_dir_perms;
+allow { appdomain -isolated_app -ephemeral_app } { media_rw_data_file vfat }:file create_file_perms;
 # Access OBBs (vfat images) mounted by vold (b/17633509)
 # File write access allowed for FDs returned through Storage Access Framework
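Review bot: The two new `allow` lines grant `create_dir_perms` and `create_file_perms` on the `vfat` type as a whole to every app domain except isolated_app and ephemeral_app. That presumably covers any vfat-labelled mount an app can reach, including the vold-mounted OBB images named in the comment just below, not only cards reached through sdcardfs. SELinux then no longer separates direct access from sdcardfs-mediated access, so confinement rests on DAC and on which mount points are visible to apps. It is worth confirming that apps cannot reach a raw vfat mount directly. The comment above the rules still reads as if it covered only media_rw_data_file; I would add a line such as `# vfat is listed for the same reason: external cards formatted as vfat are reached through sdcardfs.` so the revert condition from the commit message is visible in the policy itself.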