From 792d8650d3dd5e0362a2a04a0af77f751a84b1de Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Thu, 24 Jul 2014 17:07:27 -0700
Subject: [PATCH] Allow sdcardd to read /data/.layout_version

As described in the system/core commit with the same Change-Id,
there's a race condition between installd and sdcard when it
comes to accessing /data/media. Resolve the race by checking
/data/.layout_version to make sure the filesystem has been upgraded.

Maybe indirectly fixes the following SELinux denial:

  sdcard  : type=1400 audit(0.0:3): avc: denied { write } for name="media" dev="mmcblk0p17" ino=102753 scontext=u:r:sdcardd:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir

Bug: 16329437
Change-Id: I5e164f08009c1036469f8734ec07cbae9c5e262b
---
 sdcardd.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sdcardd.te b/sdcardd.te
index 7a06998cf..ad5c58dfb 100644
--- a/sdcardd.te
+++ b/sdcardd.te
@@ -18,3 +18,6 @@ allow sdcardd media_rw_data_file:file create_file_perms;
 
 # Read /data/system/packages.list.
 allow sdcardd system_data_file:file r_file_perms;
+
+# Read /data/.layout_version
+allow sdcardd install_data_file:file r_file_perms;
-- 
GitLab