Allow shell and adbd access to media_rw_data_file for now.

With sdcardfs, we no longer have a separate sdcardd acting as an intermediate between the outside world and /data/media. Unless we modify sdcardfs to change contexts, we need these. Remove this patch if sdcardfs is updated to change the secontext of fs accesses. Bug: 27925072 Change-Id: I3ad37c0f12836249c83042bdc1111b6360f22b3c
2016-03-30 18:02:04 -07:00 · 2016-03-30 18:02:04 -07:00 · bb90999e9a
commit bb90999e9a
parent f19fb0c973
2 changed files with 8 additions and 0 deletions
--- a/adbd.te
+++ b/adbd.te
@ -100,3 +100,7 @@ allow adbd storage_file:dir r_dir_perms;
 allow adbd storage_file:lnk_file r_file_perms;
 allow adbd mnt_user_file:dir r_dir_perms;
 allow adbd mnt_user_file:lnk_file r_file_perms;
+
+# Access to /data/media.
+allow adbd media_rw_data_file:dir create_dir_perms;
+allow adbd media_rw_data_file:file create_file_perms;
--- a/shell.te
+++ b/shell.te
@ -122,6 +122,10 @@ allow shell sysfs:dir r_dir_perms;
 # Allow access to ion memory allocation device.
 allow shell ion_device:chr_file rw_file_perms;

+# Access to /data/media.
+allow shell media_rw_data_file:dir create_dir_perms;
+allow shell media_rw_data_file:file create_file_perms;
+
 ###
 ### Neverallow rules
 ###