sepolicy: Resolve sdcardfs denial madness

Change-Id: I375c043fa98c4bedf4f2d627303a372fa50a3d35
author: Arne Coucheron <arco68@gmail.com> 2016-07-28 06:15:44 +0200
committer: Arne Coucheron <arco68@gmail.com> 2016-08-16 07:05:26 +0200
commit: 472abee09c43e2357d54b2f5f74ae63594fa759e (patch)
tree: 386dc21a4f920363103bcc61239c7b7e6f5dfb80
parent: 7a47aff2ca72465bf72851c98d1e91ace1c7e80f (diff)
2 files changed, 13 insertions, 0 deletions
diff --git a/sepolicy/device/shell.te b/sepolicy/device/shell.te
index 1def3e8..c820578 100644
--- a/sepolicy/device/shell.te
+++ b/sepolicy/device/shell.te
@@ -8,3 +8,10 @@ allow shell perfprofd_exec:file { getattr };
 allow shell vold_exec:file { getattr };
 allow shell vdc_exec:file { getattr };
 
+# sdcardfs madness
+allow shell media_rw_data_file:dir create_dir_perms;
+allow shell media_rw_data_file:file create_file_perms;
+allow shell vfat:dir create_dir_perms;
+allow shell vfat:file create_file_perms;
+allow shell sdcard_posix:dir create_dir_perms;
+allow shell sdcard_posix:file create_file_perms;
diff --git a/sepolicy/device/untrusted_app.te b/sepolicy/device/untrusted_app.te
index 8f82a7f..54dfd22 100644
--- a/sepolicy/device/untrusted_app.te
+++ b/sepolicy/device/untrusted_app.te
@@ -13,3 +13,9 @@ allow untrusted_app efs_file:dir { getattr };
 allow untrusted_app device:dir { read open };
 allow untrusted_app block_device:dir { read open };
 allow untrusted_app storage_stub_file:dir { getattr };
+
+# sdcardfs madness
+allow untrusted_app vfat:dir create_dir_perms;
+allow untrusted_app vfat:file create_file_perms;
+allow untrusted_app sdcard_posix:dir create_dir_perms;
+allow untrusted_app sdcard_posix:file create_file_perms;
author	Arne Coucheron <arco68@gmail.com>	2016-07-28 06:15:44 +0200
committer	Arne Coucheron <arco68@gmail.com>	2016-08-16 07:05:26 +0200
commit	472abee09c43e2357d54b2f5f74ae63594fa759e (patch)
tree	386dc21a4f920363103bcc61239c7b7e6f5dfb80
parent	7a47aff2ca72465bf72851c98d1e91ace1c7e80f (diff)