Add permissions required to install the DSU to a SD card
Bug: 171861574
Test: execute following command on a device with a SD card inserted
adb shell am start-activity \
-n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
-a android.os.image.action.START_INSTALL \
-d file:///storage/emulated/0/Download/system.raw.gz \
--el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \
--el KEY_USERDATA_SIZE 4294967296
Change-Id: I5c1c170ade9c570c7dab7cb7aff5f099db4b3d8c
diff --git a/private/gsid.te b/private/gsid.te
index fe1d08e..a0b74b6 100644
--- a/private/gsid.te
+++ b/private/gsid.te
@@ -64,10 +64,11 @@
# When installing images to an sdcard, gsid needs to be able to stat() the
# block device. gsid also calls realpath() to remove symlinks.
allow gsid mnt_media_rw_file:dir r_dir_perms;
+allow gsid mnt_media_rw_stub_file:dir r_dir_perms;
# When installing images to an sdcard, gsid must bypass sdcardfs and install
# directly to vfat, which supports the FIBMAP ioctl.
-allow gsid vfat:dir rw_dir_perms;
+allow gsid vfat:dir create_dir_perms;
allow gsid vfat:file create_file_perms;
allow gsid sdcard_block_device:blk_file r_file_perms;
# This is needed for FIBMAP unfortunately. Oddly FIEMAP does not carry this
diff --git a/private/kernel.te b/private/kernel.te
index 70ca912..5341163 100644
--- a/private/kernel.te
+++ b/private/kernel.te
@@ -30,3 +30,4 @@
allow kernel snapuserd_exec:file relabelto;
allow kernel kmsg_device:chr_file write;
+allow kernel gsid:fd use;