Merge "Grant vold, installd, zygote and apps access to /mnt/pass_through"
This commit is contained in:
commit
5119becf5d
@ -61,6 +61,7 @@
|
||||
light_service
|
||||
linker_prop
|
||||
linkerconfig_file
|
||||
mnt_pass_through_file
|
||||
mock_ota_prop
|
||||
module_sdkextensions_prop
|
||||
ota_metadata_file
|
||||
|
@ -701,6 +701,7 @@
|
||||
# external storage
|
||||
/mnt/media_rw(/.*)? u:object_r:mnt_media_rw_file:s0
|
||||
/mnt/user(/.*)? u:object_r:mnt_user_file:s0
|
||||
/mnt/pass_through(/.*)? u:object_r:mnt_pass_through_file:s0
|
||||
/mnt/sdcard u:object_r:mnt_sdcard_file:s0
|
||||
/mnt/runtime(/.*)? u:object_r:storage_file:s0
|
||||
/storage(/.*)? u:object_r:storage_file:s0
|
||||
|
@ -60,6 +60,9 @@ allow priv_app cache_file:lnk_file r_file_perms;
|
||||
allow priv_app media_rw_data_file:dir create_dir_perms;
|
||||
allow priv_app media_rw_data_file:file create_file_perms;
|
||||
|
||||
# Access to /mnt/pass_through.
|
||||
allow priv_app mnt_pass_through_file:dir r_dir_perms;
|
||||
|
||||
# Used by Finsky / Android "Verify Apps" functionality when
|
||||
# running "adb install foo.apk".
|
||||
allow priv_app shell_data_file:file r_file_perms;
|
||||
|
@ -129,6 +129,10 @@ allow zygote sdcardfs:filesystem { unmount };
|
||||
allow zygote mnt_user_file:dir { create_dir_perms mounton };
|
||||
allow zygote mnt_user_file:lnk_file create_file_perms;
|
||||
allow zygote mnt_user_file:file create_file_perms;
|
||||
|
||||
# Allow mounting user-specific storage source if started before vold.
|
||||
allow zygote mnt_pass_through_file:dir { create_dir_perms mounton };
|
||||
|
||||
# Allowed to mount user-specific storage into place
|
||||
allow zygote storage_file:dir { search mounton };
|
||||
|
||||
|
@ -315,6 +315,7 @@ type incremental_root_file, file_type, data_file_type, core_data_file_type;
|
||||
# Mount locations managed by vold
|
||||
type mnt_media_rw_file, file_type;
|
||||
type mnt_user_file, file_type;
|
||||
type mnt_pass_through_file, file_type;
|
||||
type mnt_expand_file, file_type;
|
||||
type mnt_sdcard_file, file_type;
|
||||
type storage_file, file_type;
|
||||
|
@ -57,6 +57,9 @@ allow installd system_data_file:dir create_dir_perms;
|
||||
# optimizing application code.
|
||||
allow installd system_data_file:lnk_file { create getattr read setattr unlink };
|
||||
|
||||
# Manage lower filesystem via pass_through mounts
|
||||
allow installd mnt_pass_through_file:dir r_dir_perms;
|
||||
|
||||
# Upgrade /data/media for multi-user if necessary.
|
||||
allow installd media_rw_data_file:dir create_dir_perms;
|
||||
allow installd media_rw_data_file:file { getattr unlink };
|
||||
|
@ -109,6 +109,10 @@ allow vold mnt_user_file:dir { create_dir_perms mounton };
|
||||
allow vold mnt_user_file:lnk_file create_file_perms;
|
||||
allow vold mnt_user_file:file create_file_perms;
|
||||
|
||||
# Manage per-user pass_through primary symlinks
|
||||
allow vold mnt_pass_through_file:dir { create_dir_perms mounton };
|
||||
allow vold mnt_pass_through_file:lnk_file create_file_perms;
|
||||
|
||||
# Allow to create and mount expanded storage
|
||||
allow vold mnt_expand_file:dir { create_dir_perms mounton };
|
||||
allow vold apk_data_file:dir { create getattr setattr };
|
||||
|
Loading…
Reference in New Issue
Block a user