From 93d849b674d0f6783eebf554256d4c10afda3891 Mon Sep 17 00:00:00 2001
From: Doug Zongker <dougz@google.com>
Date: Wed, 2 Jul 2014 10:28:20 -0700
Subject: [PATCH] recovery: allow creating and reading fuse filesystems

The new sideloading mechanism in recovery needs to create a fuse
filesystem and read files from it.

Change-Id: I22e1f7175baf401d2b75c4be6673ae4b75a0ccbf
---
 recovery.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/recovery.te b/recovery.te
index 9ee3a040a..cd2447c2f 100644
--- a/recovery.te
+++ b/recovery.te
@@ -83,6 +83,13 @@ recovery_only(`
   # Use setfscreatecon() to label files for OTA updates.
   allow recovery self:process setfscreate;
 
+  # Allow recovery to create a fuse filesystem, and read files from
+  # it.  (Note that all files on fuse filesystems are labeled
+  # "sdcard_internal"; the simulated SD card is the only other user of
+  # fuse.)
+  allow recovery fuse_device:chr_file rw_file_perms;
+  allow recovery sdcard_internal:file r_file_perms;
+
   wakelock_use(recovery)
 
   # This line seems suspect, as it should not really need to
-- 
GitLab