omni: sepolicy: Add posix-type fs rules for sdcards.
Everything below holds for sdcards formatted with an
ext4 / f2fs or alike filesystem.
* Allow filesystem context relabeling from vold that is
required to set the correct context.
* Grant access to the sdcard for untrusted_app,
untrusted_app_25, priv_app, and platform_app.
* Label files & dirs below a corresponding sdcard with
sdcard_posix (set in genfscontext).
* Allow installd to get the quota.
* Allow sdcard access for the mediaprovider.
Change-Id: I7b0347010e7bc11a461b0120f75095d5d6ad0c70
Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>
diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
index d7caf8e..3178323 100644
--- a/sepolicy/priv_app.te
+++ b/sepolicy/priv_app.te
@@ -6,6 +6,10 @@
allow priv_app fuse_device:file r_file_perms;
allow priv_app fuse_device:filesystem { getattr };
+# posix-type fs
+allow priv_app sdcard_posix:dir r_dir_perms;
+allow priv_app sdcard_posix:file rw_file_perms;
+
# MatLog calls dmesg
allow priv_app kernel:system syslog_read;
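Review bot: The two added sdcard_posix rules in priv_app.te are asymmetric: files get `rw_file_perms` while directories get only `r_dir_perms`. With this pair, priv_app can open and modify files that already exist on the card but cannot create, rename or unlink anything, because those operations need write, add_name and remove_name on the directory plus create on the file. If priv_app is meant to write to posix-formatted sdcards, grant `rw_dir_perms` on the dir and `create_file_perms` on the file; if read-only access is the intent, reduce the file rule to `r_file_perms` so the policy stays least-privilege. Extending the `# posix-type fs` comment to state which of the two is intended would let the next reviewer check the rules against it.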