recovery: allow read access to fuse filesystem

adb sideload depends on the ability to access the fuse directory. Flipping recovery into enforcing started triggering the following denial: type=1400 audit(17964905.699:7): avc: denied { search } for pid=132 comm="recovery" name="/" dev="fuse" ino=1 scontext=u:r:recovery:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir Change-Id: I27ee0295fa2e2d0449bfab4f95bfbc076e92cf59
author: Nick Kralevich <nnk@google.com> 2014-07-08 10:52:05 -0700
committer: Nick Kralevich <nnk@google.com> 2014-07-08 10:52:05 -0700
commit: e9d97b744e95307020d461fd16f756323f25bba7 (patch)
tree: a0e63ebd6ce6830effa43c22ff584a1c35473b4a /recovery.te
parent: 9f6af083e8a31c9b5a9f9ac21885dfc3c0dc14b2 (diff)
download: android_external_sepolicy-e9d97b744e95307020d461fd16f756323f25bba7.tar.gz
android_external_sepolicy-e9d97b744e95307020d461fd16f756323f25bba7.tar.bz2
android_external_sepolicy-e9d97b744e95307020d461fd16f756323f25bba7.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/recovery.te b/recovery.te
index 9c59003..28c7f80 100644
--- a/recovery.te
+++ b/recovery.te
@@ -92,6 +92,7 @@ recovery_only(`
   # "sdcard_internal"; the simulated SD card is the only other user of
   # fuse.)
   allow recovery fuse_device:chr_file rw_file_perms;
+  allow recovery sdcard_internal:dir r_dir_perms;
   allow recovery sdcard_internal:file r_file_perms;
 
   wakelock_use(recovery)
author	Nick Kralevich <nnk@google.com>	2014-07-08 10:52:05 -0700
committer	Nick Kralevich <nnk@google.com>	2014-07-08 10:52:05 -0700
commit	e9d97b744e95307020d461fd16f756323f25bba7 (patch)
tree	a0e63ebd6ce6830effa43c22ff584a1c35473b4a /recovery.te
parent	9f6af083e8a31c9b5a9f9ac21885dfc3c0dc14b2 (diff)
download	android_external_sepolicy-e9d97b744e95307020d461fd16f756323f25bba7.tar.gz android_external_sepolicy-e9d97b744e95307020d461fd16f756323f25bba7.tar.bz2 android_external_sepolicy-e9d97b744e95307020d461fd16f756323f25bba7.zip