Merge "Allow zygote to create files under sdcardfs."

commit: be3748da12bd2276c1f8c1e002b27391f8968a2a [log] [tgz]
author: Sudheer Shanka <sudheersai@google.com> Thu Feb 14 18:51:07 2019 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Feb 14 18:51:07 2019 +0000
tree: 37d0ebe8ce4ad2e8c18ab9a126be8b71094885a9
parent: 829211770319b4fd6b0dbf34a0fcefbef5ffeaeb [diff]
parent: 868c075e0ee4d6872968d28760785d18069a8a6b [diff]
diff --git a/private/zygote.te b/private/zygote.te
index c8bd87e..9fc0998 100644
--- a/private/zygote.te
+++ b/private/zygote.te

@@ -100,7 +100,8 @@
 # TODO: reduce this back to only sdcardfs once b/123533205 is root-caused
 # (Technically "sdcardfs" and "media_rw_data_file" are equivalent, since
 # sdcardfs simply wraps files stored under /data/media.)
-allow zygote { sdcardfs media_rw_data_file vfat }:dir { create_dir_perms mounton };
+allow zygote { sdcard_type media_rw_data_file }:dir { create_dir_perms mounton };
+allow zygote { sdcard_type media_rw_data_file }:file { create_file_perms };
 
 # Handle --invoke-with command when launching Zygote with a wrapper command.
 allow zygote zygote_exec:file rx_file_perms;
commit	be3748da12bd2276c1f8c1e002b27391f8968a2a	[log] [tgz]
author	Sudheer Shanka <sudheersai@google.com>	Thu Feb 14 18:51:07 2019 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Feb 14 18:51:07 2019 +0000
tree	37d0ebe8ce4ad2e8c18ab9a126be8b71094885a9
parent	829211770319b4fd6b0dbf34a0fcefbef5ffeaeb [diff]
parent	868c075e0ee4d6872968d28760785d18069a8a6b [diff]