commit 9940f4e36b29b2e9af8a9cc363c09d8db226a16d
author maxwen <max.weninger@gmail.com> Sat Mar 11 02:28:49 2017 +0100
committer Max Weninger <max.weninger@gmail.com> Sat Mar 11 02:42:44 2017 +0100
tree 7da67a3f97cde7dd1e2409a0b7fbaafeb32fefc4
parent 34108051f79d699f89966029fa4dd2e417e997fa

omni: sepolicy: bring back sdcard_posix rules

now that they are back in system sepolicy we need them
for ext4/f2fs portable

Change-Id: I6c9ca49cedeadeb6bf085131cd30ee952abdd374

sepolicy/app.te

diff --git a/sepolicy/app.te b/sepolicy/app.te
index f76d836..ab082a9 100644
--- a/sepolicy/app.te
+++ b/sepolicy/app.te
@@ -1,5 +1,5 @@
 # Access OBBs (sdcard_posix) mounted by vold
 # File write access allowed for FDs returned through Storage Access Framework
-#allow appdomain sdcard_posix:dir r_dir_perms;
-#allow appdomain sdcard_posix:file rw_file_perms;
+allow appdomain sdcard_posix:dir r_dir_perms;
+allow appdomain sdcard_posix:file rw_file_perms;
 

sepolicy/platform_app.te

diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index 7c7392f..a7e21fc 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -1,10 +1,7 @@
 # Direct access to vold-mounted storage under /mnt/media_rw
 # This is a performance optimization that allows platform apps to bypass the FUSE layer
-#allow platform_app sdcard_posix:dir create_dir_perms;
-#allow platform_app sdcard_posix:file create_file_perms;
-
-# e.g. renderscript in Gallery2 wants execute perms
-#allow platform_app app_data_file:file execute;
+allow platform_app sdcard_posix:dir create_dir_perms;
+allow platform_app sdcard_posix:file create_file_perms;
 
 # gallery2 crop avatar
 allow platform_app system_app_data_file:file { create_file_perms rw_file_perms };