Restore /mnt/sdcard symlink read access

Allow adbd and app domains to read the symlink at /mnt/sdcard.
This symlink was supposed to have been removed in the Gingerbread
time frame, but lives on.

Read access for this symlink was removed from adbd and the shell user in
8ca19368da, and from untrusted_app in
cbf7ba18db.

Addresses the following denials:

  avc: denied { read } for name="sdcard" dev="tmpfs" ino=9486 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:tmpfs:s0 tclass=lnk_file permissive=0
  avc: denied { read } for pid=4161 comm=73657276696365203137 name="sdcard" dev="tmpfs" ino=5114 scontext=u:r:adbd:s0 tcontext=u:object_r:tmpfs:s0 tclass=lnk_file permissive=0

Bug: 25801877
Bug: 28108983
Change-Id: Ia31cd8b53c9c3a5b7d11be42c2fde170f96affb0
Nick Kralevich 2016-04-12 20:43:06 -07:00
parent e038062a66
commit e3151bd1e8
2 changed files with 4 additions and 2 deletions


@ -36,7 +36,8 @@ allow adbd shell_data_file:file create_file_perms;
# adb push/pull sdcard.
allow adbd tmpfs:dir search;
allow adbd rootfs:lnk_file r_file_perms;
allow adbd rootfs:lnk_file r_file_perms; # /sdcard symlink
allow adbd tmpfs:lnk_file r_file_perms; # /mnt/sdcard symlink
allow adbd sdcard_type:dir create_dir_perms;
allow adbd sdcard_type:file create_file_perms;
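Review bot: The added `allow adbd tmpfs:lnk_file r_file_perms;` is keyed on the generic `tmpfs` type, so it lets adbd read every symlink labelled `tmpfs`, not only /mnt/sdcard as the trailing comment suggests; the same applies to `allow appdomain tmpfs:lnk_file r_file_perms;` in app.te. The denials quoted in the description show only `{ read }`, so a narrower set such as `{ getattr read }` may be sufficient, although `r_file_perms` does match the neighbouring rootfs rule. At minimum the comment should state what the rule actually grants, e.g. `# /mnt/sdcard symlink (covers all tmpfs-labelled symlinks)`. The hunk is a fragment of the file, so other tmpfs rules for adbd are not visible here.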

3
app.te

@ -33,8 +33,9 @@ allow appdomain cgroup:file rw_file_perms;
allow appdomain dalvikcache_data_file:dir { search getattr };
allow appdomain dalvikcache_data_file:file r_file_perms;
# Read the /sdcard symlink
# Read the /sdcard and /mnt/sdcard symlinks
allow appdomain rootfs:lnk_file r_file_perms;
allow appdomain tmpfs:lnk_file r_file_perms;
# Search /storage/emulated tmpfs mount.
allow appdomain tmpfs:dir r_dir_perms;
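Review bot: `allow appdomain tmpfs:lnk_file r_file_perms;` extends the grant to every domain carrying the appdomain attribute, while the only app denial quoted in the description comes from untrusted_app. If the more tightly sandboxed app domains (isolated_app, for example) have no need to resolve /mnt/sdcard, the source set could be narrowed, e.g. `allow { appdomain -isolated_app } tmpfs:lnk_file r_file_perms;`. Whether that is safe depends on policy outside this hunk, so it would need a check against denials from the other app domains before landing.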