authorPaul Lawrence <paullawrence@google.com>2015-03-11 15:44:14 -0700
committerPaul Lawrence <paullawrence@google.com>2015-03-27 14:47:30 -0700
commit38af1da10785c3c4056e148652d565a7187614ea (patch)
tree97a31ed4fa87afa514b64c04487269c1dc883f50 /init.te
parent85ce2c706e95f96c95b3af418b7bda0bfe9918f4 (diff)
Adding e4crypt support
Add selinux rules to allow file level encryption to work Change-Id: I1e4bba23e99cf5b2624a7df843688fba6f3c3209
Diffstat (limited to 'init.te')
-rw-r--r--init.te12
1 files changed, 12 insertions, 0 deletions
diff --git a/init.te b/init.te
index da9a722..909490d 100644
--- a/init.te
+++ b/init.te
@@ -234,6 +234,18 @@ allow init metadata_block_device:blk_file rw_file_perms;
allow init pstorefs:dir search;
allow init pstorefs:file r_file_perms;
+# linux keyring configuration
+allow init init:key { write search setattr };
+
+# Allow init to link temp fs to unencrypted data on userdata
+allow init tmpfs:lnk_file { create read getattr relabelfrom };
+
+# Allow init to manipulate /data/unencrypted
+allow init unencrypted_data_file:{ file lnk_file } create_file_perms;
+allow init unencrypted_data_file:dir create_dir_perms;
+
+unix_socket_connect(init, vold, vold)
+
###
### neverallow rules
###
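Review bot: The last added rule, `unix_socket_connect(init, vold, vold)`, is the only new grant without a comment, and it opens a channel from init to vold's socket, so the reason for it should be recorded next to the rule. Something like `# Allow init to send e4crypt requests to vold over its socket` would do if that is the purpose; the hunk does not show what init actually sends. The two `unencrypted_data_file` rules grant the full `create_file_perms` and `create_dir_perms` sets, and if init only creates the directory and a few files under /data/unencrypted, a narrower permission list would be a tighter fit. The `relabelfrom` on `tmpfs:lnk_file` also deserves a word in its comment, since no matching `relabelto` appears in this hunk and presumably comes from a rule elsewhere in init.te.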