Merge "Allow init and vold writing misc block device." into nyc-dev

am: 541e9d50 * commit '541e9d50': Allow init and vold writing misc block device. Change-Id: Ifcf032d5afd8b576246ba5c8e00c039bbf6e8059

Merge "Allow init and vold writing misc block device." into nyc-dev
466fd7fa · Yabin Cui · android-build-merger · 35d91f67 · 541e9d50 · 466fd7fa
Commit 466fd7fa authored 9 years ago by Yabin Cui Committed by android-build-merger 9 years ago
--- a/init.te
+++ b/init.te
@@ -329,6 +329,9 @@ allow init unencrypted_data_file:dir create_dir_perms;

 unix_socket_connect(init, vold, vold)

+# Raw writes to misc block device
+allow init misc_block_device:blk_file w_file_perms;
+
 ###
 ### neverallow rules
 ###

--- a/vold.te
+++ b/vold.te
@@ -188,6 +188,9 @@ allow vold toolbox_exec:file rx_file_perms;
 allow vold user_profile_data_file:dir create_dir_perms;
 allow vold user_profile_foreign_dex_data_file:dir { getattr setattr };

+# Raw writes to misc block device
+allow vold misc_block_device:blk_file w_file_perms;
+
 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -vold -init } vold_data_file:dir *;