sepolicy/common/vold.te - android_vendor_omni - Gitiles

 ###########################
 # OmniROM common sepolicy
 #

 domain_trans(init, rootfs, vold)

 # Allow vold to manage ASEC
 allow vold sdcard_type:file create_file_perms;
 #allow vold vold_tmpfs:file create_file_perms;

 # Allow vold to access fuse for fuse-based fs
 allow vold fuse_device:chr_file rw_file_perms;

 # NTFS-3g wants to drop permission
 allow vold self:capability { setgid setuid };
 # External storage
 allow vold storage_stub_file:dir { rw_file_perms search add_name };
 allow vold mnt_media_rw_stub_file:dir r_dir_perms;
 allow vold mkfs_exec:file { execute read open getattr execute_no_trans };

 allow vold fuse_device:dir getattr;
 allow vold fuse_device:filesystem unmount;

 allow vold fsck_exec:lnk_file { read };

 # Posix sdcard fs relabeling
 allow vold labeledfs:filesystem { relabelfrom relabelto };
 allow vold sdcard_posix:filesystem { relabelfrom relabelto };
	###########################
	# OmniROM common sepolicy
	#

	domain_trans(init, rootfs, vold)

	# Allow vold to manage ASEC
	allow vold sdcard_type:file create_file_perms;
	#allow vold vold_tmpfs:file create_file_perms;

	# Allow vold to access fuse for fuse-based fs
	allow vold fuse_device:chr_file rw_file_perms;

	# NTFS-3g wants to drop permission
	allow vold self:capability { setgid setuid };
	# External storage
	allow vold storage_stub_file:dir { rw_file_perms search add_name };
	allow vold mnt_media_rw_stub_file:dir r_dir_perms;
	allow vold mkfs_exec:file { execute read open getattr execute_no_trans };

	allow vold fuse_device:dir getattr;
	allow vold fuse_device:filesystem unmount;

	allow vold fsck_exec:lnk_file { read };

	# Posix sdcard fs relabeling
	allow vold labeledfs:filesystem { relabelfrom relabelto };
	allow vold sdcard_posix:filesystem { relabelfrom relabelto };