From bb90999e9aa3ca4692f0e54f029385822f3bdd2d Mon Sep 17 00:00:00 2001
From: Daniel Rosenberg <drosen@google.com>
Date: Wed, 30 Mar 2016 18:02:04 -0700
Subject: [PATCH] Allow shell and adbd access to media_rw_data_file for now.

With sdcardfs, we no longer have a separate sdcardd acting as
an intermediate between the outside world and /data/media.
Unless we modify sdcardfs to change contexts, we need these.

Remove this patch if sdcardfs is updated to change the
secontext of fs accesses.

Bug: 27925072
Change-Id: I3ad37c0f12836249c83042bdc1111b6360f22b3c
---
 adbd.te  | 4 ++++
 shell.te | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/adbd.te b/adbd.te
index de0c981dd..27ffdd845 100644
--- a/adbd.te
+++ b/adbd.te
@@ -100,3 +100,7 @@ allow adbd storage_file:dir r_dir_perms;
 allow adbd storage_file:lnk_file r_file_perms;
 allow adbd mnt_user_file:dir r_dir_perms;
 allow adbd mnt_user_file:lnk_file r_file_perms;
+
+# Access to /data/media.
+allow adbd media_rw_data_file:dir create_dir_perms;
+allow adbd media_rw_data_file:file create_file_perms;
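Review bot: The comment `# Access to /data/media.` above the new allow rules, here and in the shell.te hunk, does not record that the grant is a stopgap, although the commit message says to remove it once sdcardfs changes the secontext of its accesses. A later policy audit would find adbd and shell holding create_dir_perms/create_file_perms on media_rw_data_file with no reason or removal condition, next to storage rules that are read-only. I would replace the comment in both files with `# Temporary: sdcardfs does not change contexts, so /data/media is accessed in the caller's domain. Remove once sdcardfs changes the secontext of fs accesses (b/27925072).` The rules presumably also cover direct access to /data/media outside the sdcardfs mount, so it is worth confirming that DAC on that tree is what still restricts shell there.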
diff --git a/shell.te b/shell.te
index d1c385b94..fc5c2768b 100644
--- a/shell.te
+++ b/shell.te
@@ -122,6 +122,10 @@ allow shell sysfs:dir r_dir_perms;
 # Allow access to ion memory allocation device.
 allow shell ion_device:chr_file rw_file_perms;
 
+# Access to /data/media.
+allow shell media_rw_data_file:dir create_dir_perms;
+allow shell media_rw_data_file:file create_file_perms;
+
 ###
 ### Neverallow rules
 ###
-- 
GitLab