omni: sepolicy: Add posix-type fs rules for sdcards. Everything below holds for sdcards formatted with a ext4 / f2fs or alike filesystem. * Allow filesystem context relabeling from vold that is required to set the correct context. * Grant access to the sdcard for untrusted_app, untrusted_app_25, priv_app, and platform_app. * Label files & dirs below a corresponding sdcard with sdcard_posix (set in genfscontext). * Allow installd to get the quota. * Allow sdcard access for the mediaprovider. Change-Id: I7b0347010e7bc11a461b0120f75095d5d6ad0c70 Signed-off-by: Alexander Diewald <Diewi@diewald-net.com>

commit: 259f938886e526bbbedc90430e135299336a4501 [log] [tgz]
author: Alexander Diewald <Diewi@diewald-net.com> Thu Jan 25 22:44:48 2018 +0100
committer: Max Weninger <max.weninger@gmail.com> Mon Feb 19 19:02:53 2018 +0100
tree: 0ba191a71e2d49b0dbab5c2d68e051f6f56b7c71
parent: 55b111e47441c8b0602e1fd0b97e14954ed5f8d7 [diff] [blame]
diff --git a/sepolicy/untrusted_app_25.te b/sepolicy/untrusted_app_25.te
index ff56ae7..667c1da 100644
--- a/sepolicy/untrusted_app_25.te
+++ b/sepolicy/untrusted_app_25.te

@@ -2,4 +2,7 @@
 allow untrusted_app asec_apk_file:dir getattr;
 allow untrusted_app fuse_device:file { getattr read write open };
 allow untrusted_app fuse_device:dir { search };
+allow untrusted_app_25 sdcard_posix:dir r_dir_perms;
+allow untrusted_app_25 sdcard_posix:file rw_file_perms;
+
commit	259f938886e526bbbedc90430e135299336a4501	[log] [tgz]
author	Alexander Diewald <Diewi@diewald-net.com>	Thu Jan 25 22:44:48 2018 +0100
committer	Max Weninger <max.weninger@gmail.com>	Mon Feb 19 19:02:53 2018 +0100
tree	0ba191a71e2d49b0dbab5c2d68e051f6f56b7c71
parent	55b111e47441c8b0602e1fd0b97e14954ed5f8d7 [diff] [blame]