diff options
author | Jeff Sharkey <jsharkey@android.com> | 2015-05-14 20:55:31 -0700 |
---|---|---|
committer | Jeff Sharkey <jsharkey@android.com> | 2015-05-14 20:55:33 -0700 |
commit | c960596cc346a94d15dcfff51a7e25ddf4edbd19 (patch) | |
tree | 44dd0d1902049cb785a30d9a605e6f75b5583a39 /recovery.te | |
parent | ae6969440bcd1587b8df20e246d63329d17c0a75 (diff) | |
download | android_external_sepolicy-c960596cc346a94d15dcfff51a7e25ddf4edbd19.tar.gz android_external_sepolicy-c960596cc346a94d15dcfff51a7e25ddf4edbd19.tar.bz2 android_external_sepolicy-c960596cc346a94d15dcfff51a7e25ddf4edbd19.zip |
drop_caches label, vold scratch space on expanded.
Define an explicit label for /proc/sys/vm/drop_caches and grant to
the various people who need it, including vold which uses it when
performing storage benchmarks.
Also let vold create new directories under it's private storage area
where the benchmarks will be carried out. Mirror the definition of
the private storage area on expanded media.
avc: denied { write } for name="drop_caches" dev="proc" ino=20524 scontext=u:r:vold:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0
Bug: 21172095
Change-Id: I300b1cdbd235ff60e64064d3ba6e5ea783baf23f
Diffstat (limited to 'recovery.te')
-rw-r--r-- | recovery.te | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/recovery.te b/recovery.te index 29f1a50..2aad68b 100644 --- a/recovery.te +++ b/recovery.te @@ -41,8 +41,7 @@ recovery_only(` allow recovery exec_type:dir { create_dir_perms relabelfrom relabelto }; # Write to /proc/sys/vm/drop_caches - # TODO: create more specific label? - allow recovery proc:file w_file_perms; + allow recovery proc_drop_caches:file w_file_perms; # Write to /sys/class/android_usb/android0/enable. # TODO: create more specific label? |