From 80176dc44570c15c786e6129a7f9ae1fa9d1c27a Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Thu, 14 Nov 2013 16:07:57 -0800
Subject: [PATCH] Let vold mount OBB files on external storage.

Fixes this specific violation:

type=1400 audit(1384468728.202:16): avc:  denied { read write } for
pid=271 comm="vold" name="test1.obb" dev="fuse" ino=3100664872
scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_internal:s0
tclass=file

Bug: 11693888
Change-Id: I45d30ecabdf0bc8871f3dd67b5695ac909109d9a
---
 vold.te | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/vold.te b/vold.te
index bbee60b8b..5c83828a7 100644
--- a/vold.te
+++ b/vold.te
@@ -14,6 +14,7 @@ allow vold rootfs:dir mounton;
 allow vold sdcard_type:dir mounton;
 allow vold sdcard_type:filesystem { mount remount unmount };
 allow vold sdcard_type:dir create_dir_perms;
+allow vold sdcard_type:file create_file_perms;
 allow vold tmpfs:filesystem { mount unmount };
 allow vold tmpfs:dir create_dir_perms;
 allow vold tmpfs:dir mounton;
@@ -69,5 +70,3 @@ allow vold asec_image_file:dir rw_dir_perms;
 security_access_policy(vold)
 allow vold asec_apk_file:dir { rw_dir_perms setattr };
 allow vold asec_apk_file:file { r_file_perms setattr };
-allow vold sdcard_external:dir create_dir_perms;
-allow vold sdcard_external:file create_file_perms;
-- 
GitLab