Skip to content
Snippets Groups Projects
Commit db559a34 authored by dcashman's avatar dcashman
Browse files

Allow sdcardd tmpfs read access.

Address the following denial:
type=1400 audit(1453854842.899:7): avc: denied { search } for pid=1512 comm="sdcard" name="/" dev="tmpfs" ino=7547 scontext=u:r:sdcardd:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=0

vold: EmulatedVolume calls sdcard to mount on /storage/emulated.

Bug: 26807309
Change-Id: Ifdd7c356589f95165bba489dd06282a4087e9aee
parent 98f60e5c
No related branches found
No related tags found
No related merge requests found
...@@ -4,6 +4,7 @@ type sdcardd_exec, exec_type, file_type; ...@@ -4,6 +4,7 @@ type sdcardd_exec, exec_type, file_type;
allow sdcardd cgroup:dir create_dir_perms; allow sdcardd cgroup:dir create_dir_perms;
allow sdcardd fuse_device:chr_file rw_file_perms; allow sdcardd fuse_device:chr_file rw_file_perms;
allow sdcardd rootfs:dir mounton; # TODO: deprecated in M allow sdcardd rootfs:dir mounton; # TODO: deprecated in M
allow sdcardd tmpfs:dir r_dir_perms;
allow sdcardd mnt_media_rw_file:dir r_dir_perms; allow sdcardd mnt_media_rw_file:dir r_dir_perms;
allow sdcardd storage_file:dir search; allow sdcardd storage_file:dir search;
allow sdcardd storage_stub_file:dir { search mounton }; allow sdcardd storage_stub_file:dir { search mounton };
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment