Merge "vold: grant perms from domain_deprecated"

1cf93217 · Jeffrey Vander Stoep · Gerrit Code Review · f33507df · 9306072c · 1cf93217
Commit 1cf93217 authored 9 years ago by Jeffrey Vander Stoep Committed by Gerrit Code Review 9 years ago
--- a/vold.te
+++ b/vold.te
@@ -8,6 +8,17 @@ init_daemon_domain(vold)
 domain_auto_trans(vold, sgdisk_exec, sgdisk);
 domain_auto_trans(vold, sdcardd_exec, sdcardd);

+# Read already opened /cache files.
+allow vold cache_file:dir r_dir_perms;
+allow vold cache_file:file { getattr read };
+allow vold cache_file:lnk_file r_file_perms;
+
+# Read access to pseudo filesystems.
+r_dir_file(vold, proc)
+r_dir_file(vold, proc_net)
+r_dir_file(vold, sysfs)
+r_dir_file(vold, rootfs)
+
 # For a handful of probing tools, we choose an even more restrictive
 # domain when working with untrusted block devices
 domain_trans(vold, shell_exec, blkid);