sepolicy: allow vold to mount ext4 sdcard When vold mounts an ext4 sdcard, it needs to force the context to sdcard_external. avc: denied { relabelfrom } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem avc: denied { relabelto } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem avc: denied { relabelfrom } for pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem Change-Id: I80f42fbdf738dee10958ce1bdc1893a41234f0d9

commit: 9a19f575a4c991bf2d7bc2f8f980909910ee4cce [log] [tgz]
author: Pawit Pornkitprasan <p.pawit@gmail.com> Fri Nov 15 09:54:39 2013 +0700
committer: Pawit Pornkitprasan <p.pawit@gmail.com> Fri Nov 15 10:02:25 2013 +0700
tree: bcbe0250545bce4b1ba9c351f331e3b451eb11ad
parent: ef907713b74820e157cf46be7dd6454ca1d83a9a [diff] [blame]
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 2451442..9877766 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te

@@ -1,2 +1,7 @@
 # Allow vold to manage ASEC
 allow vold sdcard_external:file create_file_perms;
+
+# Allow vold to change context for mounted ext4 sdcard
+relabelto_domain(vold)
+allow vold labeledfs:filesystem { relabelfrom };
+allow vold sdcard_external:filesystem { relabelfrom relabelto };
commit	9a19f575a4c991bf2d7bc2f8f980909910ee4cce	[log] [tgz]
author	Pawit Pornkitprasan <p.pawit@gmail.com>	Fri Nov 15 09:54:39 2013 +0700
committer	Pawit Pornkitprasan <p.pawit@gmail.com>	Fri Nov 15 10:02:25 2013 +0700
tree	bcbe0250545bce4b1ba9c351f331e3b451eb11ad
parent	ef907713b74820e157cf46be7dd6454ca1d83a9a [diff] [blame]