omni: sepolicy: fixup extended fs rules
for ntfs and exfat
Change-Id: I5d22e83958a3a731799b7fe6c7f0c119128ddc0b
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 5e6018e..1233804 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -7,12 +7,15 @@
# mkfs
/system/bin/mkfs\.exfat u:object_r:mkfs_exec:s0
-/system/bin/mkfs\.f2fs u:object_r:mkfs_exec:s0
/system/bin/mkfs\.ntfs u:object_r:mkfs_exec:s0
# fsck
/system/bin/fsck\.ntfs u:object_r:fsck_exec:s0
+/system/bin/fsck\.exfat u:object_r:fsck_exec:s0
+
+# mount
/system/bin/mount\.exfat u:object_r:fsck_exec:s0
+/system/bin/mount\.ntfs u:object_r:fsck_exec:s0
# wakelocks
/sys/kernel/debug/wakeup_sources u:object_r:debugsfs_wakelock:s0
diff --git a/sepolicy/fsck_untrusted.te b/sepolicy/fsck_untrusted.te
index d835967..0981fb2 100644
--- a/sepolicy/fsck_untrusted.te
+++ b/sepolicy/fsck_untrusted.te
@@ -7,4 +7,7 @@
allow fsck_untrusted mnt_media_rw_file:file rw_file_perms;
allow fsck_untrusted fuse_device:chr_file { read write open getattr };
allow fsck_untrusted fuse_device:filesystem mount;
+allow fsck_untrusted block_device:dir getattr;
+allow fsck_untrusted media_rw_data_file:dir { search getattr };
+allow fsck_untrusted tmpfs:dir { search };
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index a72bcdf..9d05d8b 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -21,3 +21,5 @@
allow vold fuse_device:dir getattr;
allow vold fuse_device:filesystem unmount;
+allow vold fsck_exec:lnk_file { read };
+