Allow vold to move FUSE backing files directly.

This enables an optimization of bypassing the FUSE overhead when migrating emulated storage between volumes. avc: denied { write } for path="/mnt/expand/6cba9b95-4fc8-4096-b51f-bdb2c007d059/media/obb/.nomedia" dev="dm-0" ino=387843 scontext=u:r:vold:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1 Bug: 19993667 Change-Id: I2bb9aaca50ed988ded6afec6d7fbe190903707e0
2015-04-24 15:19:22 -07:00 · 2015-04-24 15:19:22 -07:00 · 90c64542a2
commit 90c64542a2
parent c2e31a7782
1 changed files with 4 additions and 1 deletions
--- a/vold.te
+++ b/vold.te
@ -39,6 +39,10 @@ allow vold sdcard_type:file create_file_perms; # TODO: deprecated in M
 allow vold { mnt_media_rw_file storage_file sdcard_type }:dir create_dir_perms;
 allow vold { mnt_media_rw_file storage_file sdcard_type }:file create_file_perms;

+# Access to storage that backs emulated FUSE daemons for migration optimization
+allow vold media_rw_data_file:dir create_dir_perms;
+allow vold media_rw_data_file:file create_file_perms;
+
 # Newly created storage dirs are always treated as mount stubs to prevent us
 # from accidentally writing when the mount point isn't present.
 type_transition vold storage_file:dir storage_stub_file;
@ -55,7 +59,6 @@ allow vold mnt_user_file:lnk_file create_file_perms;
 # Allow to create and mount expanded storage
 allow vold mnt_expand_file:dir { create_dir_perms mounton };
 allow vold apk_data_file:dir { create getattr setattr };
-allow vold media_rw_data_file:dir { create getattr setattr };
 allow vold shell_data_file:dir { create getattr setattr };

 allow vold tmpfs:filesystem { mount unmount };