From 90c64542a20b23180c36b9bb07b78c1ff06350a1 Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Fri, 24 Apr 2015 15:19:22 -0700
Subject: [PATCH] Allow vold to move FUSE backing files directly.

This enables an optimization of bypassing the FUSE overhead when
migrating emulated storage between volumes.

avc: denied { write } for path="/mnt/expand/6cba9b95-4fc8-4096-b51f-bdb2c007d059/media/obb/.nomedia" dev="dm-0" ino=387843 scontext=u:r:vold:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1

Bug: 19993667
Change-Id: I2bb9aaca50ed988ded6afec6d7fbe190903707e0
---
 vold.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/vold.te b/vold.te
index b534c1e8f..e72822c93 100644
--- a/vold.te
+++ b/vold.te
@@ -39,6 +39,10 @@ allow vold sdcard_type:file create_file_perms; # TODO: deprecated in M
 allow vold { mnt_media_rw_file storage_file sdcard_type }:dir create_dir_perms;
 allow vold { mnt_media_rw_file storage_file sdcard_type }:file create_file_perms;
 
+# Access to storage that backs emulated FUSE daemons for migration optimization
+allow vold media_rw_data_file:dir create_dir_perms;
+allow vold media_rw_data_file:file create_file_perms;
+
 # Newly created storage dirs are always treated as mount stubs to prevent us
 # from accidentally writing when the mount point isn't present.
 type_transition vold storage_file:dir storage_stub_file;
@@ -55,7 +59,6 @@ allow vold mnt_user_file:lnk_file create_file_perms;
 # Allow to create and mount expanded storage
 allow vold mnt_expand_file:dir { create_dir_perms mounton };
 allow vold apk_data_file:dir { create getattr setattr };
-allow vold media_rw_data_file:dir { create getattr setattr };
 allow vold shell_data_file:dir { create getattr setattr };
 
 allow vold tmpfs:filesystem { mount unmount };
-- 
GitLab