Merge "vold: grant perms from domain_deprecated" am: 1cf93217fa am: 9001f6f892 * commit '9001f6f892a8a9eb73dd27c040ab6398ec238fe5': vold: grant perms from domain_deprecated

commit: 739f31f09d9f13f7a6dc3cf7668ced3ab86860aa [log] [tgz]
author: Jeffrey Vander Stoep <jeffv@google.com> Wed Jan 27 23:53:08 2016 +0000
committer: android-build-merger <android-build-merger@google.com> Wed Jan 27 23:53:08 2016 +0000
tree: 6958c4e1161a74f98180f50da8e66f7981047832
parent: e618841de3ff6b6d166b90334c10a45f3c714cd3 [diff]
parent: 9001f6f892a8a9eb73dd27c040ab6398ec238fe5 [diff]
diff --git a/vold.te b/vold.te
index e16ec73..67e461a 100644
--- a/vold.te
+++ b/vold.te

@@ -8,6 +8,17 @@
 domain_auto_trans(vold, sgdisk_exec, sgdisk);
 domain_auto_trans(vold, sdcardd_exec, sdcardd);
 
+# Read already opened /cache files.
+allow vold cache_file:dir r_dir_perms;
+allow vold cache_file:file { getattr read };
+allow vold cache_file:lnk_file r_file_perms;
+
+# Read access to pseudo filesystems.
+r_dir_file(vold, proc)
+r_dir_file(vold, proc_net)
+r_dir_file(vold, sysfs)
+r_dir_file(vold, rootfs)
+
 # For a handful of probing tools, we choose an even more restrictive
 # domain when working with untrusted block devices
 domain_trans(vold, shell_exec, blkid);
commit	739f31f09d9f13f7a6dc3cf7668ced3ab86860aa	[log] [tgz]
author	Jeffrey Vander Stoep <jeffv@google.com>	Wed Jan 27 23:53:08 2016 +0000
committer	android-build-merger <android-build-merger@google.com>	Wed Jan 27 23:53:08 2016 +0000
tree	6958c4e1161a74f98180f50da8e66f7981047832
parent	e618841de3ff6b6d166b90334c10a45f3c714cd3 [diff]
parent	9001f6f892a8a9eb73dd27c040ab6398ec238fe5 [diff]