From e98cda25e152e82b7a30ddfff63d69301cb90d60 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Sat, 18 Apr 2015 14:27:22 -0700
Subject: [PATCH] Grant apps write access to returned vfat FDs.

Users can pick files from vfat devices through the Storage Access Framework, which are returned through ParcelFileDescriptors. Grant apps write access to those files. (Direct access to the files on disk is still controlled through normal filesystem permissions.)

avc: denied { write } for pid=3235 comm="Binder_1" path=2F6D6E742F6D656469615F72772F373243322D303446392F6D656F772F6D79206469722F706963322E706E67 dev="sdb1" ino=87 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:vfat:s0 tclass=file

Bug: 19993667
Change-Id: I24b4d8826f0a35825b2abc63d1cfe851e1c1bfe9
---
 app.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app.te b/app.te
index 5e6988846..af8c5089d 100644
--- a/app.te
+++ b/app.te
@@ -147,8 +147,9 @@ allow appdomain fuse:dir create_dir_perms;
 allow appdomain fuse:file create_file_perms;
 
 # Access OBBs (vfat images) mounted by vold (b/17633509)
+# File write access allowed for FDs returned through Storage Access Framework
 allow appdomain vfat:dir r_dir_perms;
-allow appdomain vfat:file r_file_perms;
+allow appdomain vfat:file rw_file_perms;
 
 # Allow apps to use the USB Accessory interface.
 # http://developer.android.com/guide/topics/connectivity/usb/accessory.html
-- 
GitLab
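Review bot: The new rule `allow appdomain vfat:file rw_file_perms;` grants more than the comment above it describes. It applies to every domain carrying the `appdomain` attribute, while the quoted denial is for `untrusted_app` only. Because `open` was already allowed through `r_file_perms`, type enforcement cannot tell an FD returned by the Storage Access Framework from a vfat file the app opened for writing itself. After this change only DAC and mount ownership stop direct writes, as the commit message acknowledges, so the comment should say so, e.g. `# Write is needed for SAF-returned FDs; direct opens are limited by DAC only, not by this rule.` It is also worth confirming that write access is intended for the vold-mounted OBB images named in the existing comment, since they appear to share the `vfat` type, and whether the more restricted app domains could be excluded from the grant.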