Shell needs to read /storage/self/primary symlink.

avc: denied { read } for name="primary" dev="tmpfs" ino=3134 scontext=u:r:shell:s0 tcontext=u:object_r:storage_file:s0 tclass=lnk_file Change-Id: Id0ed2297a89054199fc73f27b18f717ae19c6778
author: Jeff Sharkey <jsharkey@android.com> 2015-03-30 17:47:22 -0700
committer: Jeff Sharkey <jsharkey@android.com> 2015-03-30 17:56:06 -0700
commit: 1c597f0cda67f0b37de4b64666567526e67f40ba (patch)
tree: 7722bab00ba92093ecda663d9e23dbabd7f99d4b /shell.te
parent: f063f461a9e5b6049f3516e48806b6a87848ac1a (diff)
download: android_external_sepolicy-1c597f0cda67f0b37de4b64666567526e67f40ba.tar.gz
android_external_sepolicy-1c597f0cda67f0b37de4b64666567526e67f40ba.tar.bz2
android_external_sepolicy-1c597f0cda67f0b37de4b64666567526e67f40ba.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/shell.te b/shell.te
index cfadf77..e7d03e8 100644
--- a/shell.te
+++ b/shell.te
@@ -74,3 +74,6 @@ allow shell domain:process getattr;
 # and read other files created by init process under /data/bootchart
 allow shell bootchart_data_file:dir rw_dir_perms;
 allow shell bootchart_data_file:file create_file_perms;
+
+# Follow the /storage/self/primary symlink
+allow appdomain storage_file:lnk_file r_file_perms;
author	Jeff Sharkey <jsharkey@android.com>	2015-03-30 17:47:22 -0700
committer	Jeff Sharkey <jsharkey@android.com>	2015-03-30 17:56:06 -0700
commit	1c597f0cda67f0b37de4b64666567526e67f40ba (patch)
tree	7722bab00ba92093ecda663d9e23dbabd7f99d4b /shell.te
parent	f063f461a9e5b6049f3516e48806b6a87848ac1a (diff)
download	android_external_sepolicy-1c597f0cda67f0b37de4b64666567526e67f40ba.tar.gz android_external_sepolicy-1c597f0cda67f0b37de4b64666567526e67f40ba.tar.bz2 android_external_sepolicy-1c597f0cda67f0b37de4b64666567526e67f40ba.zip