From eb6b74fa6b5c39afc04b92b5dc62fa633456220c Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 24 Jun 2014 13:18:02 -0400
Subject: [PATCH] Allow kernel sdcard access for MTP sync.

Address denials such as:
avc: denied { write } for pid=2587 comm="kworker/u:4" path="/storage/emulated/0/Download/AllFileFormatesFromTommy/Test3GP.3gp" dev="fuse" ino=3086052592 scontext=u:r:kernel:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file permissive=0

Change-Id: I351e84b48f1b5a3361bc680b2ef379961ac2e8ea
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Bug: 15835289
---
 kernel.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel.te b/kernel.te
index 084462486..ca01bbf62 100644
--- a/kernel.te
+++ b/kernel.te
@@ -34,6 +34,9 @@ dontaudit kernel self:security setenforce;
 # Set checkreqprot by init.rc prior to switching to init domain.
 allow kernel self:security setcheckreqprot;
 
+# MTP sync
+allow kernel sdcard_internal:file write;
+
 ###
 ### neverallow rules
 ###