reconcile aosp (4da3bb14) after branching. Please do not merge.

Change-Id: Idcd252e39b2c4829201c93b6c99cf368adcb405e

reconcile aosp (4da3bb14) after branching. Please do not merge.
e9c90bdd · Ed Heyl · 2aa727e3 · e9c90bdd · e9c90bdd · e9c90bdd
Commit e9c90bdd authored 10 years ago by Ed Heyl
--- a/app.te
+++ b/app.te
@@ -116,8 +116,8 @@ allow appdomain radio_data_file:file { read write getattr };
 allow untrusted_app system_app_data_file:file { read write getattr };

 # Access SDcard via the fuse mount.
-allow appdomain sdcard_internal:dir create_dir_perms;
-allow appdomain sdcard_internal:file create_file_perms;
+allow appdomain fuse:dir create_dir_perms;
+allow appdomain fuse:file create_file_perms;

 # Allow apps to use the USB Accessory interface.
 # http://developer.android.com/guide/topics/connectivity/usb/accessory.html

--- a/file.te
+++ b/file.te
@@ -28,8 +28,10 @@ type devpts, fs_type, mlstrustedobject;
 type tmpfs, fs_type;
 type shm, fs_type;
 type mqueue, fs_type;
-type sdcard_internal, sdcard_type, fs_type, mlstrustedobject;
-type sdcard_external, sdcard_type, fs_type, mlstrustedobject;
+type fuse, sdcard_type, fs_type, mlstrustedobject;
+type vfat, sdcard_type, fs_type, mlstrustedobject;
+typealias fuse alias sdcard_internal;
+typealias vfat alias sdcard_external;
 type debugfs, fs_type, mlstrustedobject;
 type pstorefs, fs_type;
 type functionfs, fs_type;

--- a/genfs_contexts
+++ b/genfs_contexts
@@ -25,9 +25,9 @@ genfscon cgroup / u:object_r:cgroup:s0
 # sysfs labels can be set by userspace.
 genfscon sysfs / u:object_r:sysfs:s0
 genfscon inotifyfs / u:object_r:inotify:s0
-genfscon vfat / u:object_r:sdcard_external:s0
+genfscon vfat / u:object_r:vfat:s0
 genfscon debugfs / u:object_r:debugfs:s0
-genfscon fuse / u:object_r:sdcard_internal:s0
+genfscon fuse / u:object_r:fuse:s0
 genfscon pstore / u:object_r:pstorefs:s0
 genfscon functionfs / u:object_r:functionfs:s0
 genfscon usbfs / u:object_r:usbfs:s0
--- a/kernel.te
+++ b/kernel.te
@@ -35,7 +35,7 @@ dontaudit kernel self:security setenforce;
 allow kernel self:security setcheckreqprot;

 # MTP sync
-allow kernel sdcard_internal:file { read write };
+allow kernel fuse:file { read write };

 ###
 ### neverallow rules

--- a/recovery.te
+++ b/recovery.te
@@ -89,13 +89,10 @@ recovery_only(`
  # Use setfscreatecon() to label files for OTA updates.
  allow recovery self:process setfscreate;

-  # Allow recovery to create a fuse filesystem, and read files from
-  # it.  (Note that all files on fuse filesystems are labeled
-  # "sdcard_internal"; the simulated SD card is the only other user of
-  # fuse.)
+  # Allow recovery to create a fuse filesystem, and read files from it.
  allow recovery fuse_device:chr_file rw_file_perms;
-  allow recovery sdcard_internal:dir r_dir_perms;
-  allow recovery sdcard_internal:file r_file_perms;
+  allow recovery fuse:dir r_dir_perms;
+  allow recovery fuse:file r_file_perms;

  wakelock_use(recovery)