vendor: add exfat and ntfs perms for vold
Change-Id: Ia350d6373f13de4dfab9c2fc6456d8d53de554a9
diff --git a/sepolicy/private/file_contexts b/sepolicy/private/file_contexts
index b62ada7..f7f40ff 100644
--- a/sepolicy/private/file_contexts
+++ b/sepolicy/private/file_contexts
@@ -4,4 +4,8 @@
/system/bin/backuptool_postinstall\.sh u:object_r:otapreopt_chroot_exec:s0
# Set disk scheduler via init
-/sys/block/[^/]+/queue/scheduler u:object_r:sysfs_block_scheduler:s0
+/sys/block/[^/]+/queue/scheduler u:object_r:sysfs_block_scheduler:s0
+
+/system/bin/fsck\.ntfs u:object_r:fsck_exec:s0
+/system/bin/fsck\.exfat u:object_r:fsck_exec:s0
+/system/bin/mount\.exfat u:object_r:fsck_exec:s0
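Review bot: `/system/bin/mount\.exfat` is labelled `fsck_exec`, so the mount helper will presumably run in the same domain as the filesystem checkers rather than in one of its own. That looks like the reason `sepolicy/public/fsck_untrusted.te` in this commit grants `sys_admin` to `fsck_untrusted`. A dedicated exec type and domain for the mount helper (for example a new `mount_exfat_exec` type, name to be chosen) would keep the mount privilege away from the fsck binaries, which parse data from removable media. The rewritten scheduler line above appears to be a whitespace-only change.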
diff --git a/sepolicy/private/fsck_untrusted.te b/sepolicy/private/fsck_untrusted.te
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/sepolicy/private/fsck_untrusted.te
diff --git a/sepolicy/private/vold.te b/sepolicy/private/vold.te
new file mode 100644
index 0000000..52b61e5
--- /dev/null
+++ b/sepolicy/private/vold.te
@@ -0,0 +1,4 @@
+#============= vold ==============
+allow vold block_device:blk_file { getattr };
+allow vold fsck_exec:lnk_file read;
+
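Review bot: Both rules are in audit2allow layout with only the `#============= vold ==============` banner, so nothing records which operation produced the denials. `block_device` is the generic label for block nodes, so a short comment such as `# vold stats the raw node before running fsck on exfat/ntfs volumes (getattr only)` would let a later reviewer confirm the scope, if that is indeed the reason. The `fsck_exec:lnk_file read` rule suggests that one of the newly labelled paths is a symlink, and a comment should say which one.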
diff --git a/sepolicy/public/fsck_untrusted.te b/sepolicy/public/fsck_untrusted.te
new file mode 100644
index 0000000..a08c640
--- /dev/null
+++ b/sepolicy/public/fsck_untrusted.te
@@ -0,0 +1,5 @@
+#============= fsck_untrusted ==============
+allow fsck_untrusted block_device:dir { getattr read open };
+allow fsck_untrusted media_rw_data_file:dir { getattr read open };
+allow fsck_untrusted self:capability sys_admin;
+
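Review bot: `allow fsck_untrusted self:capability sys_admin;` gives a very broad capability to the domain that processes filesystem data from untrusted media, so a parsing bug in any checker running there would execute with CAP_SYS_ADMIN. If only the exfat mount helper needs it, the rule belongs in a separate domain for that helper and should be dropped here. Separately, these allow rules sit in `public/` while the `private/fsck_untrusted.te` added by the same commit is empty. Unless they are meant to be part of the exported policy, moving them to the private file avoids widening the public side.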
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index 3759983..658562b 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -7,3 +7,4 @@
vendor/omni/sepolicy/common
BOARD_PLAT_PRIVATE_SEPOLICY_DIR += vendor/omni/sepolicy/private
+BOARD_PLAT_PUBLIC_SEPOLICY_DIR += vendor/omni/sepolicy/public