diff options
author | Nick Kralevich <nnk@google.com> | 2014-07-24 17:07:27 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2014-07-25 09:46:15 -0700 |
commit | 1a61fb3bbcd82f0adfe134aed00238ad3b3dec98 (patch) | |
tree | 9297041d0580ca17d8d74a8ae461407a2f6478ad /sdcardd.te | |
parent | ba992496f01e40a10d9749bb25b6498138e607fb (diff) | |
download | android_external_sepolicy-1a61fb3bbcd82f0adfe134aed00238ad3b3dec98.tar.gz android_external_sepolicy-1a61fb3bbcd82f0adfe134aed00238ad3b3dec98.tar.bz2 android_external_sepolicy-1a61fb3bbcd82f0adfe134aed00238ad3b3dec98.zip |
Allow sdcardd to read /data/.layout_version
As described in the system/core commit with the same Change-Id,
there's a race condition between installd and sdcard when it
comes to accessing /data/media. Resolve the race by checking
/data/.layout_version to make sure the filesystem has been upgraded.
Maybe indirectly fixes the following SELinux denial:
sdcard : type=1400 audit(0.0:3): avc: denied { write } for name="media" dev="mmcblk0p17" ino=102753 scontext=u:r:sdcardd:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
(cherrypicked from commit 792d8650d3dd5e0362a2a04a0af77f751a84b1de)
Bug: 16329437
Change-Id: I5e164f08009c1036469f8734ec07cbae9c5e262b
Diffstat (limited to 'sdcardd.te')
-rw-r--r-- | sdcardd.te | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -18,3 +18,6 @@ allow sdcardd media_rw_data_file:file create_file_perms; # Read /data/system/packages.list. allow sdcardd system_data_file:file r_file_perms; + +# Read /data/.layout_version +allow sdcardd install_data_file:file r_file_perms; |