Merge "vendor: sepolicy: add no fuse access for exfat and ntfs" into android-8.1

commit: acefffce880f3432d149c96461c5ce10f94cad85 [log] [tgz]
author: Marko Man <darkobas@gmail.com> Thu Jan 11 00:18:54 2018 +0100
committer: Gerrit Code Review <gerrit2@gerrit.omnirom.org> Thu Jan 11 00:18:54 2018 +0100
tree: de8917acae9ddbe441cff2320084cfdc5b427390
parent: 69f2a886656c2a280d329fbafd1b56e6985d1fab [diff]
parent: f2db15b4e7c8d89b48cccdcd681b00a74965a137 [diff]
diff --git a/sepolicy/fsck_untrusted.te b/sepolicy/fsck_untrusted.te
index 0981fb2..c1ba526 100644
--- a/sepolicy/fsck_untrusted.te
+++ b/sepolicy/fsck_untrusted.te

@@ -11,3 +11,9 @@
 allow fsck_untrusted media_rw_data_file:dir { search getattr };
 allow fsck_untrusted tmpfs:dir { search };
 
+allow fsck_untrusted toolbox_exec:file entrypoint;
+allow fsck_untrusted toolbox_exec:file r_file_perms;
+allow fsck_untrusted exfat:filesystem mount;
+allow fsck_untrusted self:capability sys_rawio;
+allow fsck_untrusted ntfs:filesystem mount;
+

diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index 90e4f12..4e9ce97 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te

@@ -16,3 +16,9 @@
 
 # MatLog calls dmesg
 allow platform_app kernel:system syslog_read;
+
+# no-fuse
+allow platform_app exfat:dir { rw_dir_perms create_dir_perms };
+allow platform_app exfat:file { rw_file_perms create_file_perms };
+allow platform_app ntfs:dir { rw_dir_perms create_dir_perms };
+allow platform_app ntfs:file { rw_file_perms create_file_perms };
commit	acefffce880f3432d149c96461c5ce10f94cad85	[log] [tgz]
author	Marko Man <darkobas@gmail.com>	Thu Jan 11 00:18:54 2018 +0100
committer	Gerrit Code Review <gerrit2@gerrit.omnirom.org>	Thu Jan 11 00:18:54 2018 +0100
tree	de8917acae9ddbe441cff2320084cfdc5b427390
parent	69f2a886656c2a280d329fbafd1b56e6985d1fab [diff]
parent	f2db15b4e7c8d89b48cccdcd681b00a74965a137 [diff]