From db559a348ed23f3cc2a214de456524129c048d66 Mon Sep 17 00:00:00 2001
From: dcashman <dcashman@google.com>
Date: Wed, 27 Jan 2016 07:24:34 -0800
Subject: [PATCH] Allow sdcardd tmpfs read access.

Address the following denial:
type=1400 audit(1453854842.899:7): avc: denied { search } for pid=1512 comm="sdcard" name="/" dev="tmpfs" ino=7547 scontext=u:r:sdcardd:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=0

vold: EmulatedVolume calls sdcard to mount on /storage/emulated.

Bug: 26807309
Change-Id: Ifdd7c356589f95165bba489dd06282a4087e9aee
---
 sdcardd.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sdcardd.te b/sdcardd.te
index 056e9f829..846c59b58 100644
--- a/sdcardd.te
+++ b/sdcardd.te
@@ -4,6 +4,7 @@ type sdcardd_exec, exec_type, file_type;
 allow sdcardd cgroup:dir create_dir_perms;
 allow sdcardd fuse_device:chr_file rw_file_perms;
 allow sdcardd rootfs:dir mounton;  # TODO: deprecated in M
+allow sdcardd tmpfs:dir r_dir_perms;
 allow sdcardd mnt_media_rw_file:dir r_dir_perms;
 allow sdcardd storage_file:dir search;
 allow sdcardd storage_stub_file:dir { search mounton };