From 80ea1d230526810986964e8c7ed93c3a51159c78 Mon Sep 17 00:00:00 2001
From: William Roberts <bill.c.roberts@gmail.com>
Date: Thu, 31 May 2012 09:44:51 -0400
Subject: [PATCH] sdcard policy and fuse device label.

---
 device.te     |  1 +
 file_contexts |  2 ++
 sdcardd.te    | 13 +++++++++++++
 3 files changed, 16 insertions(+)
 create mode 100644 sdcardd.te

diff --git a/device.te b/device.te
index ac34d727c..4d2dea36e 100644
--- a/device.te
+++ b/device.te
@@ -37,6 +37,7 @@ type urandom_device, dev_type;
 type video_device, dev_type;
 type vcs_device, dev_type;
 type zero_device, dev_type;
+type fuse_device, dev_type;
 
 # All devices have a uart for the hci
 # attach service. The uart dev node
diff --git a/file_contexts b/file_contexts
index c610df37c..fa22c8777 100644
--- a/file_contexts
+++ b/file_contexts
@@ -25,6 +25,7 @@
 /dev/device-mapper	u:object_r:dm_device:s0
 /dev/eac		u:object_r:audio_device:s0
 /dev/full		u:object_r:full_device:s0
+/dev/fuse		u:object_r:fuse_device:s0
 /dev/graphics(/.*)?	u:object_r:graphics_device:s0
 /dev/input(/.*)		u:object_r:input_device:s0
 /dev/kmem		u:object_r:kmem_device:s0
@@ -96,6 +97,7 @@
 /system/bin/bluetoothd	u:object_r:bluetoothd_exec:s0
 /system/bin/wpa_supplicant	u:object_r:wpa_exec:s0
 /system/bin/qemud	u:object_r:qemud_exec:s0
+/system/bin/sdcard      u:object_r:sdcardd_exec:s0
 /system/xbin/su		u:object_r:su_exec:s0
 /system/vendor/bin/gpsd u:object_r:gpsd_exec:s0
 #############################
diff --git a/sdcardd.te b/sdcardd.te
new file mode 100644
index 000000000..21b867322
--- /dev/null
+++ b/sdcardd.te
@@ -0,0 +1,13 @@
+type sdcardd, domain;
+type sdcardd_exec, exec_type, file_type;
+
+init_daemon_domain(sdcardd)
+
+allow sdcardd cgroup:dir create_dir_perms;
+allow sdcardd fuse_device:chr_file rw_file_perms;
+allow sdcardd rootfs:dir mounton;
+allow sdcardd sdcard:filesystem mount;
+allow sdcardd self:capability { setuid setgid };
+allow sdcardd system_data_file:dir  create_dir_perms;
+allow sdcardd system_data_file:file create_file_perms;
+
-- 
GitLab