Allow sdcard daemon to run above expanded storage.

We have a /media directory on expanded storage that behaves just like internal storage, and has a FUSE daemon running above it. avc: denied { search } for name="expand" dev="tmpfs" ino=3130 scontext=u:r:sdcardd:s0 tcontext=u:object_r:mnt_expand_file:s0 tclass=dir permissive=0 Bug: 19993667 Change-Id: I771ecb8f2808c48ccf4139ac9cfc2a48a2332fec
author: Jeff Sharkey <jsharkey@android.com> 2015-04-11 22:10:20 -0700
committer: Jeff Sharkey <jsharkey@android.com> 2015-04-11 22:21:50 -0700
commit: 3acec6fa1784cb44055b304c4a01ebb391468c31 (patch)
tree: d4eaa767f4dffb0b6580d9dd15a3d8a5d9723809
parent: 03a6f64f9568e2c58eb043463a5b4ff1cf10bef6 (diff)
download: android_external_sepolicy-3acec6fa1784cb44055b304c4a01ebb391468c31.tar.gz
android_external_sepolicy-3acec6fa1784cb44055b304c4a01ebb391468c31.tar.bz2
android_external_sepolicy-3acec6fa1784cb44055b304c4a01ebb391468c31.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/sdcardd.te b/sdcardd.te
index 96216c4..cd2bc64 100644
--- a/sdcardd.te
+++ b/sdcardd.te
@@ -28,3 +28,6 @@ allow sdcardd install_data_file:file r_file_perms;
 # Allow stdin/out back to vold
 allow sdcardd vold:fd use;
 allow sdcardd vold:fifo_file { read write getattr };
+
+# Allow running on top of expanded storage
+allow sdcardd mnt_expand_file:dir search;
author	Jeff Sharkey <jsharkey@android.com>	2015-04-11 22:10:20 -0700
committer	Jeff Sharkey <jsharkey@android.com>	2015-04-11 22:21:50 -0700
commit	3acec6fa1784cb44055b304c4a01ebb391468c31 (patch)
tree	d4eaa767f4dffb0b6580d9dd15a3d8a5d9723809
parent	03a6f64f9568e2c58eb043463a5b4ff1cf10bef6 (diff)
download	android_external_sepolicy-3acec6fa1784cb44055b304c4a01ebb391468c31.tar.gz android_external_sepolicy-3acec6fa1784cb44055b304c4a01ebb391468c31.tar.bz2 android_external_sepolicy-3acec6fa1784cb44055b304c4a01ebb391468c31.zip