commit c960596cc346a94d15dcfff51a7e25ddf4edbd19
author Jeff Sharkey <jsharkey@android.com> Thu May 14 20:55:31 2015 -0700
committer Jeff Sharkey <jsharkey@android.com> Thu May 14 20:55:33 2015 -0700
tree 44dd0d1902049cb785a30d9a605e6f75b5583a39
parent ae6969440bcd1587b8df20e246d63329d17c0a75

drop_caches label, vold scratch space on expanded.

Define an explicit label for /proc/sys/vm/drop_caches and grant to
the various people who need it, including vold which uses it when
performing storage benchmarks.

Also let vold create new directories under it's private storage area
where the benchmarks will be carried out.  Mirror the definition of
the private storage area on expanded media.

avc: denied { write } for name="drop_caches" dev="proc" ino=20524 scontext=u:r:vold:s0 tcontext=u:object_r:proc:s0 tclass=file permissive=0

Bug: 21172095
Change-Id: I300b1cdbd235ff60e64064d3ba6e5ea783baf23f

install_recovery.te

diff --git a/install_recovery.te b/install_recovery.te
index 1385220..2d80b08 100644
--- a/install_recovery.te
+++ b/install_recovery.te
@@ -23,6 +23,4 @@
 allow install_recovery cache_file:file create_file_perms;
 
 # Write to /proc/sys/vm/drop_caches
-# TODO: create a specific label for this file instead of allowing
-# write for all /proc files.
-allow install_recovery proc:file w_file_perms;
+allow install_recovery proc_drop_caches:file w_file_perms;