Allow kernel sdcard access for MTP sync.

Address denials such as: avc: denied { write } for pid=2587 comm="kworker/u:4" path="/storage/emulated/0/Download/AllFileFormatesFromTommy/Test3GP.3gp" dev="fuse" ino=3086052592 scontext=u:r:kernel:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file permissive=0 Change-Id: I351e84b48f1b5a3361bc680b2ef379961ac2e8ea Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Bug: 15835289
2014-06-24 13:18:02 -04:00 · 2014-06-24 13:18:02 -04:00 · eb6b74fa6b
commit eb6b74fa6b
parent 9f2d3f93da
1 changed files with 3 additions and 0 deletions
--- a/kernel.te
+++ b/kernel.te
@ -34,6 +34,9 @@ dontaudit kernel self:security setenforce;
 # Set checkreqprot by init.rc prior to switching to init domain.
 allow kernel self:security setcheckreqprot;

+# MTP sync
+allow kernel sdcard_internal:file write;
+
 ###
 ### neverallow rules
 ###