Rename sdcard_internal/external types.

Rename sdcard_internal/external types to fuse and vfat
respectively to make it clear that they are assigned to any
fuse or vfat filesystem by default (absent a context= mount option)
and do not necessarily represent the SDcard.

The sdcard_type attribute is still assigned to both types and
can still be used in allow rules to permit access to either the
internal or external SDcard.

Define type aliases for the old names to preserve compatibility
on policy reload and for device-specific policies that may not yet
be updated.

Change-Id: I8d91a8c4c1342b94e4f1bb62ca7ffd2ca4b06ba1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

1 files changed, 3 insertions, 6 deletions

diff --git a/recovery.te b/recovery.te
index 28c7f80..66aa3df 100644
--- a/recovery.te
+++ b/recovery.te
@@ -87,13 +87,10 @@ recovery_only(`
   # Use setfscreatecon() to label files for OTA updates.
   allow recovery self:process setfscreate;
 
-  # Allow recovery to create a fuse filesystem, and read files from
-  # it.  (Note that all files on fuse filesystems are labeled
-  # "sdcard_internal"; the simulated SD card is the only other user of
-  # fuse.)
+  # Allow recovery to create a fuse filesystem, and read files from it.
   allow recovery fuse_device:chr_file rw_file_perms;
-  allow recovery sdcard_internal:dir r_dir_perms;
-  allow recovery sdcard_internal:file r_file_perms;
+  allow recovery fuse:dir r_dir_perms;
+  allow recovery fuse:file r_file_perms;
 
   wakelock_use(recovery)