Gitiles
Code Review Sign In
gerrit.omnirom.org / android_vendor_omni / 84652019f34ff20e2db93d0dc348b13e14699494^! / .
commit84652019f34ff20e2db93d0dc348b13e14699494[log] [tgz]
authormaxwen <max.weninger@gmail.com>Thu Dec 29 17:19:03 2016 +0100
committermaxwen <max.weninger@gmail.com>Sat Dec 31 17:26:36 2016 +0100
treea6c8efaac8f913d29c48331db88475da416087e5
parent31664d64f2c07875549eec8a79e63911395cc175 [diff]
sepolicy: support fuse external exfat sdcard

also missing for renderscript filters in gallery2

Change-Id: I2217bb473e6878b26e8b0e234025f8be8f1953a4

diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index 8457c6f..7c7392f 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te

@@ -9,6 +9,9 @@
 # gallery2 crop avatar
 allow platform_app system_app_data_file:file { create_file_perms rw_file_perms };
 
+# gallery2 renderscript
+allow platform_app app_data_file:file { execute };
+
 #exfat/ntfs OTG
 allow platform_app fuse_device:dir { rw_dir_perms create_dir_perms };
 allow platform_app fuse_device:file { rw_file_perms create_file_perms };

diff --git a/sepolicy/priv_app.te b/sepolicy/priv_app.te
new file mode 100644
index 0000000..2df7db9
--- /dev/null
+++ b/sepolicy/priv_app.te

@@ -0,0 +1,7 @@
+###########################
+# OmniROM common sepolicy
+
+# exfat
+allow priv_app fuse_device:dir { search r_file_perms };
+allow priv_app fuse_device:file r_file_perms;
+allow priv_app fuse_device:filesystem { getattr };

diff --git a/sepolicy/sdcardd.te b/sepolicy/sdcardd.te
new file mode 100644
index 0000000..dd59d37
--- /dev/null
+++ b/sepolicy/sdcardd.te

@@ -0,0 +1,7 @@
+###########################
+# OmniROM common sepolicy
+
+# exfat
+allow sdcardd fuse_device:dir { remove_name add_name search create rw_file_perms };
+allow sdcardd fuse_device:file { unlink create rw_file_perms };
+allow sdcardd fuse_device:filesystem { getattr };

diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te
index b5a1a21..477599b 100644
--- a/sepolicy/untrusted_app.te
+++ b/sepolicy/untrusted_app.te

@@ -4,5 +4,6 @@
 # exfat OTG
 userdebug_or_eng(`allow untrusted_app mnt_media_rw_file:dir getattr;'
 `allow untrusted_app asec_apk_file:dir getattr;'
-`allow untrusted_app fuse_device:file { getattr read };')
+`allow untrusted_app fuse_device:file { getattr read write open };'
+`allow untrusted_app fuse_device:dir { search };')