Gitiles
Code Review Sign In
review.blissroms.org / platform_vendor_bliss / a74cf447747bb1e151a04093e8baab580deffbfd / . / sepolicy / vold.te
blob: af521e8effa6c5e40fc58298b70839bc50dfec13 [file] [log] [blame]
Tom Marshall4ad487b2014-11-26 13:26:14 -0800[diff] [blame]1domain_trans(init, rootfs, vold)
2
Alberto97d3359a02014-11-30 17:20:55 +0100[diff] [blame]3# Allow vold to manage ASEC
Steve Kondik12e7c022016-08-26 02:31:15 -0700[diff] [blame]4allow vold sdcard_type:file create_file_perms;
Christopher R. Palmerbd860192015-02-19 10:54:30 -0500[diff] [blame]5allow vold vold_tmpfs:file create_file_perms;
Alberto97d3359a02014-11-30 17:20:55 +0100[diff] [blame]6
Alberto97d3359a02014-11-30 17:20:55 +0100[diff] [blame]7# Allow vold to access fuse for fuse-based fs
Steve Kondik12e7c022016-08-26 02:31:15 -0700[diff] [blame]8allow vold fuseblk:chr_file rw_file_perms;
Alberto97d3359a02014-11-30 17:20:55 +0100[diff] [blame]9
10# NTFS-3g wants to drop permission
11allow vold self:capability { setgid setuid };
Matt Mowerff280c92014-12-19 10:45:10 -0600[diff] [blame]12
13# Vold can also run as minivold in the rootfs
14recovery_only(`
15 allow vold rootfs:dir { add_name write };
16')
codeworkx8630bd42016-01-01 17:29:10 +0100[diff] [blame]17
18# External storage
19allow vold storage_stub_file:dir { rw_file_perms search add_name };
20allow vold mnt_media_rw_stub_file:dir r_dir_perms;
LuK133724283422016-09-14 20:45:04 +0200[diff] [blame]21allow vold mkfs_exec:file { execute read open getattr execute_no_trans };