Storaged permission setting

Allowing storaged for reading from pseudo filesystems and debugfs.

Bug: 32221677

Change-Id: I837cead9a68f0b399703b64d724cb9c4b205c335

private/file_contexts

@@ -227,6 +227,7 @@
 /system/bin/idmap u:object_r:idmap_exec:s0
 /system/bin/update_engine        u:object_r:update_engine_exec:s0
 /system/bin/bspatch              u:object_r:update_engine_exec:s0
+/system/bin/storaged             u:object_r:storaged_exec:s0
 /system/bin/webview_zygote32     u:object_r:webview_zygote_exec:s0
 /system/bin/webview_zygote64     u:object_r:webview_zygote_exec:s0
 /system/fake-lib(64)?/libart.*   u:object_r:libart_file:s0
@@ -422,6 +423,7 @@
 #############################
 # debugfs files
 #
+/sys/kernel/debug/mmc0(/.*)?             u:object_r:debugfs_mmc:s0
 /sys/kernel/debug/tracing(/.*)?          u:object_r:debugfs_tracing:s0
 /sys/kernel/debug/tracing/trace_marker   u:object_r:debugfs_trace_marker:s0
 

private/storaged.te

+# storaged daemon
+type storaged, domain;
+type storaged_exec, exec_type, file_type;
+
+init_daemon_domain(storaged)
+
+# Write to /dev/kmsg (opened in init)
+allow storaged kmsg_device:chr_file { write append };
+
+# Read access to pseudo filesystems
+allow storaged proc:dir r_dir_perms;
+r_dir_file(storaged, sysfs_type)
+r_dir_file(storaged, proc_net)
+
+# Read access to debugfs
+allow storaged debugfs_mmc:dir search;
+allow storaged debugfs_mmc:file r_file_perms;
+
+

public/file.te

@@ -57,6 +57,7 @@ type fuse, sdcard_type, fs_type, mlstrustedobject;
 type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
 type vfat, sdcard_type, fs_type, mlstrustedobject;
 type debugfs, fs_type;
+type debugfs_mmc, fs_type, debugfs_type;
 type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
 type debugfs_tracing, fs_type, debugfs_type;
 type pstorefs, fs_type;