Allow shell and adbd access to media_rw_data_file for now.

With sdcardfs, we no longer have a separate sdcardd acting as an intermediate between the outside world and /data/media. Unless we modify sdcardfs to change contexts, we need these. Remove this patch if sdcardfs is updated to change the secontext of fs accesses. Bug: 27925072 Change-Id: I3ad37c0f12836249c83042bdc1111b6360f22b3c

Allow shell and adbd access to media_rw_data_file for now.
bb90999e · Daniel Rosenberg · f19fb0c9 · bb90999e · bb90999e
Commit bb90999e authored 8 years ago by Daniel Rosenberg
--- a/adbd.te
+++ b/adbd.te
@@ -100,3 +100,7 @@ allow adbd storage_file:dir r_dir_perms;
 allow adbd storage_file:lnk_file r_file_perms;
 allow adbd mnt_user_file:dir r_dir_perms;
 allow adbd mnt_user_file:lnk_file r_file_perms;
+
+# Access to /data/media.
+allow adbd media_rw_data_file:dir create_dir_perms;
+allow adbd media_rw_data_file:file create_file_perms;
--- a/shell.te
+++ b/shell.te
@@ -122,6 +122,10 @@ allow shell sysfs:dir r_dir_perms;
 # Allow access to ion memory allocation device.
 allow shell ion_device:chr_file rw_file_perms;

+# Access to /data/media.
+allow shell media_rw_data_file:dir create_dir_perms;
+allow shell media_rw_data_file:file create_file_perms;
+
 ###
 ### Neverallow rules
 ###