allow kernel to use vold file descriptors
Vold opens ASEC containsers on the sdcard, or OBB files from app's
home directories, both of which are supplied by vold. We need to
allow kernel threads to access those file descriptors.
Addresses the following denial:
loop0 : type=1400 audit(0.0:28): avc: denied { use } for path="/mnt/secure/asec/smdl1159865753.tmp.asec" dev="mmcblk1" ino=19 scontext=u:r:kernel:s0 tcontext=u:r:vold:s0 tclass=fd permissive=0
Bug: 19516891
Change-Id: I5a3607b48f5e0e504e4b3fcaec19152c3784f49d
diff --git a/kernel.te b/kernel.te
index fce05ad..fa8ccd5 100644
--- a/kernel.te
+++ b/kernel.te
@@ -45,6 +45,7 @@
# MTP sync (b/15835289)
# kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
+allow kernel vold:fd use;
allow kernel sdcard_type:file { read write };
# Allow the kernel to read OBB files from app directories. (b/17428116)