Introduce asec_public_file type.

This new type will allow us to write finer-grained
policy concerning asec containers. Some files of
these containers need to be world readable.

Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

1 files changed, 5 insertions, 2 deletions

diff --git a/vold.te b/vold.te
index 22198fd..18c909d 100644
--- a/vold.te
+++ b/vold.te
@@ -71,8 +71,11 @@ allow vold ctl_default_prop:property_service set;
 allow vold asec_image_file:file create_file_perms;
 allow vold asec_image_file:dir rw_dir_perms;
 security_access_policy(vold)
-allow vold asec_apk_file:dir { rw_dir_perms setattr };
-allow vold asec_apk_file:file { r_file_perms setattr };
+relabelto_domain(vold)
+allow vold asec_apk_file:dir { rw_dir_perms setattr relabelfrom };
+allow vold asec_public_file:dir { relabelto setattr };
+allow vold asec_apk_file:file { r_file_perms setattr relabelfrom };
+allow vold asec_public_file:file { relabelto setattr };
 
 # Handle wake locks (used for device encryption)
 allow vold sysfs_wake_lock:file rw_file_perms;