| Tom Marshall | 39a4244 | 2014-11-26 13:26:14 -0800 | [diff] [blame] | 1 | domain_trans(init, rootfs, vold) |
| 2 | |
| Pawit Pornkitprasan | ef90771 | 2013-11-14 10:46:26 +0700 | [diff] [blame] | 3 | # Allow vold to manage ASEC |
| Steve Kondik | aa38b56 | 2016-08-26 02:31:15 -0700 | [diff] [blame] | 4 | allow vold sdcard_type:file create_file_perms; |
| Christopher R. Palmer | da48ab8 | 2015-02-19 10:54:30 -0500 | [diff] [blame] | 5 | allow vold vold_tmpfs:file create_file_perms; |
| Pawit Pornkitprasan | 9a19f57 | 2013-11-15 09:54:39 +0700 | [diff] [blame] | 6 | |
| Pawit Pornkitprasan | 54c91b8 | 2013-12-10 17:10:50 +0700 | [diff] [blame] | 7 | # Allow vold to access fuse for fuse-based fs |
| Steve Kondik | aa38b56 | 2016-08-26 02:31:15 -0700 | [diff] [blame] | 8 | allow vold fuseblk:chr_file rw_file_perms; |
| Pawit Pornkitprasan | 54c91b8 | 2013-12-10 17:10:50 +0700 | [diff] [blame] | 9 | |
| 10 | # NTFS-3g wants to drop permission |
| 11 | allow vold self:capability { setgid setuid }; |
| Matt Mower | 2806bc4 | 2014-12-19 10:45:10 -0600 | [diff] [blame] | 12 | |
| 13 | # Vold can also run as minivold in the rootfs |
| 14 | recovery_only(` |
| 15 | allow vold rootfs:dir { add_name write }; |
| Matt Mower | 511152c | 2015-12-27 12:26:23 -0600 | [diff] [blame] | 16 | allow vold rootfs:file execute_no_trans; |
| Adrian DC | 463feb6 | 2016-08-02 23:21:35 +0200 | [diff] [blame] | 17 | allow vold vold_tmpfs:file link; |
| Matt Mower | 2806bc4 | 2014-12-19 10:45:10 -0600 | [diff] [blame] | 18 | ') |
| codeworkx | 14e765c | 2016-01-01 17:29:10 +0100 | [diff] [blame] | 19 | |
| 20 | # External storage |
| 21 | allow vold storage_stub_file:dir { rw_file_perms search add_name }; |
| 22 | allow vold mnt_media_rw_stub_file:dir r_dir_perms; |
| LuK1337 | 314a2bc | 2016-09-14 20:45:04 +0200 | [diff] [blame] | 23 | allow vold mkfs_exec:file { execute read open getattr execute_no_trans }; |