Merge "Allow init and vold writing misc block device." into nyc-dev

commit: 541e9d50d1ee071895b5e33c519018e5ce3635a1 [log] [tgz]
author: Yabin Cui <yabinc@google.com> Fri Apr 08 21:03:42 2016 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Fri Apr 08 21:03:42 2016 +0000
tree: 00d03482211e4854b40bcd742ddd219b5bbcf3ae
parent: 3e8d1bf8c5ba6dc65f67d655dadb881d724b629e [diff]
parent: c1a23d04977ed2f073eaf25a86f739ab1d3ce9de [diff]
diff --git a/init.te b/init.te
index c8b39eb..d8ed8b8 100644
--- a/init.te
+++ b/init.te

@@ -286,6 +286,9 @@
 
 unix_socket_connect(init, vold, vold)
 
+# Raw writes to misc block device
+allow init misc_block_device:blk_file w_file_perms;
+
 ###
 ### neverallow rules
 ###

diff --git a/vold.te b/vold.te
index 5663562..6d5d994 100644
--- a/vold.te
+++ b/vold.te

@@ -189,6 +189,9 @@
 allow vold user_profile_data_file:dir create_dir_perms;
 allow vold user_profile_foreign_dex_data_file:dir { getattr setattr };
 
+# Raw writes to misc block device
+allow vold misc_block_device:blk_file w_file_perms;
+
 neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -vold -init } vold_data_file:dir *;
commit	541e9d50d1ee071895b5e33c519018e5ce3635a1	[log] [tgz]
author	Yabin Cui <yabinc@google.com>	Fri Apr 08 21:03:42 2016 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Fri Apr 08 21:03:42 2016 +0000
tree	00d03482211e4854b40bcd742ddd219b5bbcf3ae
parent	3e8d1bf8c5ba6dc65f67d655dadb881d724b629e [diff]
parent	c1a23d04977ed2f073eaf25a86f739ab1d3ce9de [diff]