Skip to content
Snippets Groups Projects
Commit 588bb5c7 authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review
Browse files

Merge "Confine sdcardd, but leave it permissive for now."

parents c48fd77b 15abc950
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 15 additions and 1 deletion
sdcardd.te
+ 15
1
View file @ 588bb5c7
type sdcardd, domain;
permissive sdcardd;
type sdcardd_exec, exec_type, file_type;
init_daemon_domain(sdcardd)
unconfined_domain(sdcardd)
allow sdcardd cgroup:dir create_dir_perms;
allow sdcardd fuse_device:chr_file rw_file_perms;
allow sdcardd rootfs:dir mounton;
allow sdcardd sdcard_type:filesystem mount;
allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resource };
type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
allow sdcardd media_rw_data_file:dir create_dir_perms;
allow sdcardd media_rw_data_file:file create_file_perms;
# Read /data/system/packages.list.
allow sdcardd system_data_file:file r_file_perms;
# Compatibility for existing devices with /data/media in system_data_file.
# TODO: Remove these lines after we have guaranteed that /data/media has been relabeled to media_rw_data_file.
allow sdcardd system_data_file:dir create_dir_perms;
allow sdcardd system_data_file:file create_file_perms;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment