Grant kernel access to new "virtual_disk" file.

am: 3f724c95 Change-Id: Ia390c3537b7efe897154380ee836dbb7ac0ed742

Grant kernel access to new "virtual_disk" file.
92229884 · Jeff Sharkey · android-build-merger · a6152592 · 3f724c95 · 92229884
Commit 92229884 authored 7 years ago by Jeff Sharkey Committed by android-build-merger 7 years ago
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -73,6 +73,9 @@ userdebug_or_eng(`
 allow kernel media_rw_data_file:dir create_dir_perms;
 allow kernel media_rw_data_file:file create_file_perms;

+# Access to /data/misc/vold/virtual_disk.
+allow kernel vold_data_file:file read;
+
 ###
 ### neverallow rules
 ###

--- a/public/vold.te
+++ b/public/vold.te
@@ -175,9 +175,9 @@ allow vold user_profile_data_file:dir create_dir_perms;
 allow vold misc_block_device:blk_file w_file_perms;

 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
-neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
+neverallow { domain -vold -kernel } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -vold -init } vold_data_file:dir *;
-neverallow { domain -vold -init } vold_data_file:notdevfile_class_set *;
+neverallow { domain -vold -init -kernel } vold_data_file:notdevfile_class_set *;
 neverallow { domain -vold -init } restorecon_prop:property_service set;

 neverallow vold fsck_exec:file execute_no_trans;