vold: allow execute cp and rm

Used in system/vold/MoveTask.cpp

Addresses:
avc: denied { execute } for name="toolbox" dev="mmcblk0p29" ino=359 scontext=u:r:vold:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1
avc: denied { read open } for path="/system/bin/toolbox" dev="mmcblk0p29" ino=359 scontext=u:r:vold:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1
avc: denied { execute_no_trans } for path="/system/bin/toolbox" dev="mmcblk0p29" ino=359 scontext=u:r:vold:s0 tcontext=u:object_r:toolbox_exec:s0 tclass=file permissive=1

Change-Id: I2eb6288aaed510ae5be0f3605088ace6b865ef83
Jeff Vander Stoep 2016-01-21 09:46:58 -08:00
parent 540ea534e0
commit d1f8f731ea


@ -168,6 +168,9 @@ allow vold fuse_device:chr_file rw_file_perms;
allow vold sysfs_zram:dir r_dir_perms;
allow vold sysfs_zram_uevent:file rw_file_perms;
# MoveTask.cpp executes cp and rm
allow vold toolbox_exec:file rx_file_perms;
neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
neverallow { domain -vold -init } vold_data_file:dir *;
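Review bot: The new rule `allow vold toolbox_exec:file rx_file_perms;` includes `execute_no_trans`, so cp and rm run inside the vold domain with every permission vold holds. The `toolbox_exec` label also covers the whole /system/bin/toolbox multi-call binary, so the grant is wider than the two applets the comment names. The comment should say so, for example `# MoveTask.cpp execs toolbox cp/rm in the vold domain (no transition); toolbox_exec covers all toolbox applets`. If the paths passed to cp and rm in MoveTask.cpp can come from removable or adopted storage (not visible in this hunk), a dedicated domain entered through a domain transition would confine the copy better than running it as vold. The quoted denials were logged with `permissive=1`, so it is worth confirming in enforcing mode that no further denials appear.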