author | Paul Lawrence <paullawrence@google.com> | 2015-03-11 15:44:14 -0700 |
---|---|---|
committer | Paul Lawrence <paullawrence@google.com> | 2015-03-27 14:47:30 -0700 |
commit | 38af1da10785c3c4056e148652d565a7187614ea (patch) | |
tree | 97a31ed4fa87afa514b64c04487269c1dc883f50 /init.te | |
parent | 85ce2c706e95f96c95b3af418b7bda0bfe9918f4 (diff) | |
Adding e4crypt support
Add selinux rules to allow file level encryption to work
Change-Id: I1e4bba23e99cf5b2624a7df843688fba6f3c3209
Diffstat (limited to 'init.te')
-rw-r--r-- | init.te | 12 |
1 files changed, 12 insertions, 0 deletions
@@ -234,6 +234,18 @@ allow init metadata_block_device:blk_file rw_file_perms; allow init pstorefs:dir search; allow init pstorefs:file r_file_perms; +# linux keyring configuration +allow init init:key { write search setattr }; + +# Allow init to link temp fs to unencrypted data on userdata +allow init tmpfs:lnk_file { create read getattr relabelfrom }; + +# Allow init to manipulate /data/unencrypted +allow init unencrypted_data_file:{ file lnk_file } create_file_perms; +allow init unencrypted_data_file:dir create_dir_perms; + +unix_socket_connect(init, vold, vold) + ### ### neverallow rules ### |
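Review bot: The `unix_socket_connect(init, vold, vold)` line at the end of the added block is the only new rule without a comment; add a one-line comment saying why init needs to connect to vold's socket so the grant can be audited later. In `allow init tmpfs:lnk_file { create read getattr relabelfrom };` the `relabelfrom` permission has no matching `relabelto` on a target type in this hunk; if the symlink is meant to be relabeled to `unencrypted_data_file`, say where that rule lives, otherwise drop `relabelfrom`. The `# linux keyring configuration` comment could also state which keyring operation requires `setattr` on `init:key`.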