| domain_trans(init, rootfs, vold) |
| |
| # Allow vold to manage ASEC |
| allow vold sdcard_type:file create_file_perms; |
| allow vold vold_tmpfs:file create_file_perms; |
| |
| # Allow vold to access fuse for fuse-based fs |
| allow vold fuseblk:chr_file rw_file_perms; |
| |
| # NTFS-3g wants to drop permission |
| allow vold self:capability { setgid setuid }; |
| |
| # Vold can also run as minivold in the rootfs |
| recovery_only(` |
| allow vold rootfs:dir { add_name write }; |
| allow vold rootfs:file execute_no_trans; |
| allow vold vold_tmpfs:file link; |
| ') |
| |
| # External storage |
| allow vold storage_stub_file:dir { rw_file_perms search add_name }; |
| allow vold mnt_media_rw_stub_file:dir r_dir_perms; |
| allow vold mkfs_exec:file { execute read open getattr execute_no_trans }; |