Grant platform apps access to /mnt/media_rw with sdcard_posix label Also allow apps to read the contents of mounted OBBs. See AOSP Change-Id: I66df236eade3ca25a10749dd43d173ff4628cfad and Change-Id: I49b722b24c1c7d9ab084ebee7c1e349d8d660ffa Change-Id: I757a2a8831c69d41c0496025a39eaf79ceb0e65f

commit: 8c780755f2ce005de4a7391d8ca142149861ca68 [log] [tgz]
author: Jani Lusikka <jani.lusikka@gmail.com> Sat Jan 16 00:04:18 2016 +0200
committer: Gerrit Code Review <gerrit@cyanogenmod.org> Sun Jan 24 14:39:42 2016 -0800
tree: fbee78a32e859eb293ce83af50a2a05180726e46
parent: 580bc0afa288450dcba71609173886cbc94166b4 [diff] [blame]
diff --git a/sepolicy/app.te b/sepolicy/app.te
index 761eb5f..e590efe 100644
--- a/sepolicy/app.te
+++ b/sepolicy/app.te

@@ -1,3 +1,8 @@
+# Access OBBs (sdcard_posix) mounted by vold
+# File write access allowed for FDs returned through Storage Access Framework
+allow appdomain sdcard_posix:dir r_dir_perms;
+allow appdomain sdcard_posix:file rw_file_perms;
+
 # Themed resources (i.e. composed icons)
 allow appdomain theme_data_file:dir r_dir_perms;
 allow appdomain theme_data_file:file r_file_perms;
commit	8c780755f2ce005de4a7391d8ca142149861ca68	[log] [tgz]
author	Jani Lusikka <jani.lusikka@gmail.com>	Sat Jan 16 00:04:18 2016 +0200
committer	Gerrit Code Review <gerrit@cyanogenmod.org>	Sun Jan 24 14:39:42 2016 -0800
tree	fbee78a32e859eb293ce83af50a2a05180726e46
parent	580bc0afa288450dcba71609173886cbc94166b4 [diff] [blame]