Allow zygote to go into media directory to bind mount obb dir

Bug: 148049767 Change-Id: I2134de4df0db3268340fcfec6ad1cb8a94e3e8f9
2020-02-17 19:34:43 +00:00 · 2020-02-17 19:34:43 +00:00 · ad538514a7
commit ad538514a7
parent 281afd81fa
1 changed files with 6 additions and 0 deletions
--- a/private/zygote.te
+++ b/private/zygote.te
@ -66,6 +66,12 @@ allow zygote { user_profile_data_file }:dir { mounton search };
 # Create and bind dirs on /data/data
 allow zygote tmpfs:dir { create_dir_perms mounton };

+# Goes into media directory and bind mount obb directory
+allow zygote media_rw_data_file:dir { getattr search };
+
+# Read if sdcardfs is supported
+allow zygote proc_filesystems:file r_file_perms;
+
 # Create symlink for /data/user/0
 allow zygote tmpfs:lnk_file create;