Grant kernel access to new "virtual_disk" file. am: 3f724c95a8 am: 9222988479
am: a4960ef90f
Change-Id: Ia6fbb2aae4d5c66e868e43b279748a7a96ae3bf7
diff --git a/public/kernel.te b/public/kernel.te
index d1463dc..a93c8e9 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -73,6 +73,9 @@
allow kernel media_rw_data_file:dir create_dir_perms;
allow kernel media_rw_data_file:file create_file_perms;
+# Access to /data/misc/vold/virtual_disk.
+allow kernel vold_data_file:file read;
+
###
### neverallow rules
###
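Review bot: The new `allow kernel vold_data_file:file read;` is scoped by type, not by path, so it covers every file labelled vold_data_file rather than only /data/misc/vold/virtual_disk as the comment states. If other vold state shares that label (not visible in this hunk), a dedicated type for the virtual disk file would keep the kernel grant limited to that one file. The rule grants `read` without `open`, so the kernel domain can only use a descriptor that another domain (presumably vold) opened and handed over. The comment should record that intent, e.g. `# Read-only, via an fd opened by vold; kernel must not open vold_data_file itself.`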
diff --git a/public/vold.te b/public/vold.te
index 88de4fd..f4a3916 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -175,9 +175,9 @@
allow vold misc_block_device:blk_file w_file_perms;
neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
-neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
+neverallow { domain -vold -kernel } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
neverallow { domain -vold -init } vold_data_file:dir *;
-neverallow { domain -vold -init } vold_data_file:notdevfile_class_set *;
+neverallow { domain -vold -init -kernel } vold_data_file:notdevfile_class_set *;
neverallow { domain -vold -init } restorecon_prop:property_service set;
neverallow vold fsck_exec:file execute_no_trans;
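Review bot: Subtracting `kernel` from both `vold_data_file:notdevfile_class_set` neverallows exempts it from every permission on every class in that set, while the only grant this commit adds is `file read`. After the change, no policy-compile-time assertion stops a later rule from giving kernel write, create or unlink on vold_data_file. A kernel-specific assertion next to these lines would keep the exemption as narrow as the allow: `neverallow kernel vold_data_file:notdevfile_class_set ~{ relabelto getattr read };`. Check it against any existing kernel rules on this type, which are not visible here.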