From e9c90bddcea8d3d466fbc34361a7feea3eea4ad3 Mon Sep 17 00:00:00 2001
From: Ed Heyl <edheyl@google.com>
Date: Mon, 14 Jul 2014 23:29:21 -0700
Subject: [PATCH] reconcile aosp (4da3bb1481e4e894a7dee3f3b9ec8cef6f6b1aed)
 after branching. Please do not merge.

Change-Id: Idcd252e39b2c4829201c93b6c99cf368adcb405e
---
 app.te         | 4 ++--
 file.te        | 6 ++++--
 genfs_contexts | 4 ++--
 kernel.te      | 2 +-
 recovery.te    | 9 +++------
 5 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/app.te b/app.te
index 5b8fde6fc..2d6416f3e 100644
--- a/app.te
+++ b/app.te
@@ -116,8 +116,8 @@ allow appdomain radio_data_file:file { read write getattr };
 allow untrusted_app system_app_data_file:file { read write getattr };
 
 # Access SDcard via the fuse mount.
-allow appdomain sdcard_internal:dir create_dir_perms;
-allow appdomain sdcard_internal:file create_file_perms;
+allow appdomain fuse:dir create_dir_perms;
+allow appdomain fuse:file create_file_perms;
 
 # Allow apps to use the USB Accessory interface.
 # http://developer.android.com/guide/topics/connectivity/usb/accessory.html
diff --git a/file.te b/file.te
index eb7cb9047..99c383975 100644
--- a/file.te
+++ b/file.te
@@ -28,8 +28,10 @@ type devpts, fs_type, mlstrustedobject;
 type tmpfs, fs_type;
 type shm, fs_type;
 type mqueue, fs_type;
-type sdcard_internal, sdcard_type, fs_type, mlstrustedobject;
-type sdcard_external, sdcard_type, fs_type, mlstrustedobject;
+type fuse, sdcard_type, fs_type, mlstrustedobject;
+type vfat, sdcard_type, fs_type, mlstrustedobject;
+typealias fuse alias sdcard_internal;
+typealias vfat alias sdcard_external;
 type debugfs, fs_type, mlstrustedobject;
 type pstorefs, fs_type;
 type functionfs, fs_type;
diff --git a/genfs_contexts b/genfs_contexts
index a01883347..ab4e045a2 100644
--- a/genfs_contexts
+++ b/genfs_contexts
@@ -25,9 +25,9 @@ genfscon cgroup / u:object_r:cgroup:s0
 # sysfs labels can be set by userspace.
 genfscon sysfs / u:object_r:sysfs:s0
 genfscon inotifyfs / u:object_r:inotify:s0
-genfscon vfat / u:object_r:sdcard_external:s0
+genfscon vfat / u:object_r:vfat:s0
 genfscon debugfs / u:object_r:debugfs:s0
-genfscon fuse / u:object_r:sdcard_internal:s0
+genfscon fuse / u:object_r:fuse:s0
 genfscon pstore / u:object_r:pstorefs:s0
 genfscon functionfs / u:object_r:functionfs:s0
 genfscon usbfs / u:object_r:usbfs:s0
diff --git a/kernel.te b/kernel.te
index 422edc9e5..b8a8cf28b 100644
--- a/kernel.te
+++ b/kernel.te
@@ -35,7 +35,7 @@ dontaudit kernel self:security setenforce;
 allow kernel self:security setcheckreqprot;
 
 # MTP sync
-allow kernel sdcard_internal:file { read write };
+allow kernel fuse:file { read write };
 
 ###
 ### neverallow rules
diff --git a/recovery.te b/recovery.te
index 03dbf4ca0..aac201b8d 100644
--- a/recovery.te
+++ b/recovery.te
@@ -89,13 +89,10 @@ recovery_only(`
   # Use setfscreatecon() to label files for OTA updates.
   allow recovery self:process setfscreate;
 
-  # Allow recovery to create a fuse filesystem, and read files from
-  # it.  (Note that all files on fuse filesystems are labeled
-  # "sdcard_internal"; the simulated SD card is the only other user of
-  # fuse.)
+  # Allow recovery to create a fuse filesystem, and read files from it.
   allow recovery fuse_device:chr_file rw_file_perms;
-  allow recovery sdcard_internal:dir r_dir_perms;
-  allow recovery sdcard_internal:file r_file_perms;
+  allow recovery fuse:dir r_dir_perms;
+  allow recovery fuse:file r_file_perms;
 
   wakelock_use(recovery)
 
-- 
GitLab