From 9ba8ade5d2b24bd1f9083e8a51e7d586e609e28a Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Mon, 26 Oct 2015 20:32:49 -0700
Subject: [PATCH] Fix MTP sync

Address the following denial:
avc: denied { use } for path="/storage/emulated/0/305512.pdf" dev="fuse"
ino=239 scontext=u:r:kernel:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=fd
permissive=0

Bug: 25068662
Change-Id: Ic29d9569ff387dfd411363db751c3642572c8e85
---
 kernel.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kernel.te b/kernel.te
index 6747d1c4b..ffefdf335 100644
--- a/kernel.te
+++ b/kernel.te
@@ -42,7 +42,7 @@ allow kernel self:security setcheckreqprot;
 
 # MTP sync (b/15835289)
 # kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
-allow kernel untrusted_app:fd use;
+allow kernel { priv_app untrusted_app }:fd use;
 allow kernel sdcard_type:file { read write };
 
 # Allow the kernel to read OBB files from app directories. (b/17428116)
-- 
GitLab