blob: d00fcec3c10caca9921dae9f8e9de24be71ad987 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
domain_trans(init, rootfs, vold)
# Allow vold to manage ASEC
allow vold sdcard_external:file create_file_perms;
allow vold vold_tmpfs:file create_file_perms;
# Allow vold to access fuse for fuse-based fs
allow vold fuse_device:chr_file rw_file_perms;
# NTFS-3g wants to drop permission
allow vold self:capability { setgid setuid };
# Vold can also run as minivold in the rootfs
recovery_only(`
allow vold rootfs:dir { add_name write };
allow vold rootfs:file execute_no_trans;
allow vold vold_tmpfs:file link;
')
# External storage
allow vold storage_stub_file:dir { rw_file_perms search add_name };
allow vold mnt_media_rw_stub_file:dir r_dir_perms;
allow vold mkfs_exec:file { execute read open execute_no_trans };
|
