kirin970-common: sepolicy: Address vold denials

author: LuK1337 <priv.luk@gmail.com> 2018-12-12 13:51:52 +0100
committer: LuK1337 <priv.luk@gmail.com> 2018-12-12 14:55:09 +0100
commit: bde2f18522540d54d3ce19858f4a670e06bd24e8 (patch)
tree: c369580d9e4fa7d55617d91822e2020a40adda3f
parent: 25b1a0c8f599eaf7a5b6db6b17e1b5ab3b3ab5c6 (diff)
2 files changed, 12 insertions, 0 deletions
diff --git a/sepolicy/private/vold.te b/sepolicy/private/vold.te
new file mode 100644
index 0000000..230d8c6
--- /dev/null
+++ b/sepolicy/private/vold.te
@@ -0,0 +1,9 @@
+# Allow vold to unmount block devices
+allow vold {
+    hisee_data_file
+    modem_nv_file
+    modem_secure_file
+}:filesystem unmount;
+
+# Allow vold to list files in mnt_modem_file
+allow vold mnt_modem_file:dir search;
diff --git a/sepolicy/public/file.te b/sepolicy/public/file.te
index 5ddae50..c9eb648 100644
--- a/sepolicy/public/file.te
+++ b/sepolicy/public/file.te
@@ -9,6 +9,9 @@ type jank_device, dev_type, mlstrustedobject;
 type misc_dev_block, dev_type;
 type mke2fs_blkdev, dev_type;
 type modem_log_file, dev_type;
+type modem_nv_file, file_type;
+type modem_secure_file, file_type;
+type mnt_modem_file, file_type;
 type oeminfo_nvm_device, dev_type;
 type pmom_device, dev_type;
 type recovery_device, dev_type;
author	LuK1337 <priv.luk@gmail.com>	2018-12-12 13:51:52 +0100
committer	LuK1337 <priv.luk@gmail.com>	2018-12-12 14:55:09 +0100
commit	bde2f18522540d54d3ce19858f4a670e06bd24e8 (patch)
tree	c369580d9e4fa7d55617d91822e2020a40adda3f
parent	25b1a0c8f599eaf7a5b6db6b17e1b5ab3b3ab5c6 (diff)