From 251ba76b72031df7187bd9f7875f1a2880846d48 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 28 Jan 2014 10:08:43 -0800
Subject: [PATCH] Allow "mkdir /sdcard/foo"

Creation of directories on /sdcard was not allowed for the
shell user. Fixed.

Steps to reproduce:

adb shell
cd /sdcard
mkdir foo

Addresses the following denial:

<5>[  446.361215] type=1400 audit(13427374.189:13): avc:  denied  { create } for  pid=3264 comm="mkdir" name="foo" scontext=u:r:shell:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=dir

Bug: 12778268
Change-Id: I5a91b7581fe7e97fbf3caeed9fdf74981e49c58e
---
 shelldomain.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shelldomain.te b/shelldomain.te
index 14a64ee86..d4bb019e7 100644
--- a/shelldomain.te
+++ b/shelldomain.te
@@ -6,7 +6,7 @@ allow shelldomain shell_data_file:file create_file_perms;
 allow shelldomain shell_data_file:file rx_file_perms;
 
 # Access sdcard.
-allow shelldomain sdcard_type:dir rw_dir_perms;
+allow shelldomain sdcard_type:dir create_dir_perms;
 allow shelldomain sdcard_type:file create_file_perms;
 
 # adb bugreport
-- 
GitLab