Merge "Allow init and vold writing misc block device." into nyc-dev

541e9d50 · Yabin Cui · Android (Google) Code Review · 3e8d1bf8 · c1a23d04 · 541e9d50
Commit 541e9d50 authored 8 years ago by Yabin Cui Committed by Android (Google) Code Review 8 years ago
--- a/init.te
+++ b/init.te
@@ -286,6 +286,9 @@ allow init unencrypted_data_file:dir create_dir_perms;

 unix_socket_connect(init, vold, vold)

+# Raw writes to misc block device
+allow init misc_block_device:blk_file w_file_perms;
+
 ###
 ### neverallow rules
 ###

--- a/vold.te
+++ b/vold.te
@@ -189,6 +189,9 @@ allow vold toolbox_exec:file rx_file_perms;
 allow vold user_profile_data_file:dir create_dir_perms;
 allow vold user_profile_foreign_dex_data_file:dir { getattr setattr };

+# Raw writes to misc block device
+allow vold misc_block_device:blk_file w_file_perms;
+
 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -vold -init } vold_data_file:dir *;