Restore /mnt/sdcard symlink read access
Allow adbd and app domains to read the symlink at /mnt/sdcard. This symlink was suppose to have been removed in the Gingerbread time frame, but lives on. Read access for this symlink was removed from adbd and the shell user in8ca19368da
, and from untrusted_app incbf7ba18db
. Addresses the following denials: avc: denied { read } for name="sdcard" dev="tmpfs" ino=9486 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:tmpfs:s0 tclass=lnk_file permissive=0 avc: denied { read } for pid=4161 comm=73657276696365203137 name="sdcard" dev="tmpfs" ino=5114 scontext=u:r:adbd:s0 tcontext=u:object_r:tmpfs:s0 tclass=lnk_file permissive=0 Bug: 25801877 Bug: 28108983 Change-Id: Ia31cd8b53c9c3a5b7d11be42c2fde170f96affb0
This commit is contained in:
parent
e038062a66
commit
e3151bd1e8
3
adbd.te
3
adbd.te
@ -36,7 +36,8 @@ allow adbd shell_data_file:file create_file_perms;
|
||||
|
||||
# adb push/pull sdcard.
|
||||
allow adbd tmpfs:dir search;
|
||||
allow adbd rootfs:lnk_file r_file_perms;
|
||||
allow adbd rootfs:lnk_file r_file_perms; # /sdcard symlink
|
||||
allow adbd tmpfs:lnk_file r_file_perms; # /mnt/sdcard symlink
|
||||
allow adbd sdcard_type:dir create_dir_perms;
|
||||
allow adbd sdcard_type:file create_file_perms;
|
||||
|
||||
|
3
app.te
3
app.te
@ -33,8 +33,9 @@ allow appdomain cgroup:file rw_file_perms;
|
||||
allow appdomain dalvikcache_data_file:dir { search getattr };
|
||||
allow appdomain dalvikcache_data_file:file r_file_perms;
|
||||
|
||||
# Read the /sdcard symlink
|
||||
# Read the /sdcard and /mnt/sdcard symlinks
|
||||
allow appdomain rootfs:lnk_file r_file_perms;
|
||||
allow appdomain tmpfs:lnk_file r_file_perms;
|
||||
|
||||
# Search /storage/emulated tmpfs mount.
|
||||
allow appdomain tmpfs:dir r_dir_perms;
|
||||
|
Loading…
Reference in New Issue
Block a user