Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / eb5b76aa904db6fe5210f1aa4e051016a077ed42^2..eb5b76aa904db6fe5210f1aa4e051016a077ed42 / .
commiteb5b76aa904db6fe5210f1aa4e051016a077ed42[log] [tgz]
authorNick Kralevich <nnk@google.com>Tue Sep 30 19:34:55 2014 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Tue Sep 30 19:34:55 2014 +0000
tree75e21eaade496b8f721f6cd03c8df522a585db7b
parentcedee697c3683ac267c0933200e6727f0910d2e6 [diff]
parent476c207840227aba998878179c7869a2c5ef5a7e [diff]
Merge "Mark asec_apk_file as mlstrustedobject."
diff --git a/fsck.te b/fsck.te
index 5766477..d255175 100644
--- a/fsck.te
+++ b/fsck.te

@@ -10,7 +10,7 @@
 allow fsck tmpfs:chr_file { read write ioctl };
 
 # Inherit and use pty created by android_fork_execvp_ext().
-allow fsck devpts:chr_file { read write };
+allow fsck devpts:chr_file { read write ioctl };
 
 # Run e2fsck on block devices.
 # TODO:  Assign userdata and cache block device types to the corresponding

diff --git a/seapp_contexts b/seapp_contexts
index 2b8aec0..f92d118 100644
--- a/seapp_contexts
+++ b/seapp_contexts

@@ -41,12 +41,12 @@
 # level may be used to specify a fixed level for any UID.
 #
 isSystemServer=true domain=system_server
-user=system domain=system_app type=system_app_data_file
-user=bluetooth domain=bluetooth type=bluetooth_data_file
-user=nfc domain=nfc type=nfc_data_file
-user=radio domain=radio type=radio_data_file
-user=shared_relro domain=shared_relro
-user=shell domain=shell type=shell_data_file
+user=system seinfo=platform domain=system_app type=system_app_data_file
+user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
+user=nfc seinfo=platform domain=nfc type=nfc_data_file
+user=radio seinfo=platform domain=radio type=radio_data_file
+user=shared_relro seinfo=platform domain=shared_relro
+user=shell seinfo=platform domain=shell type=shell_data_file
 user=_isolated domain=isolated_app levelFrom=user
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
 user=_app domain=untrusted_app type=app_data_file levelFrom=user

diff --git a/vold.te b/vold.te
index 6200896..ef3924b 100644
--- a/vold.te
+++ b/vold.te

@@ -38,6 +38,9 @@
 
 write_klog(vold)
 
+# Run fsck.
+allow vold fsck_exec:file rx_file_perms;
+
 # Log fsck results
 allow vold fscklogs:dir rw_dir_perms;
 allow vold fscklogs:file create_file_perms;