diff options
Diffstat (limited to 'sdcardd.te')
-rw-r--r-- | sdcardd.te | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/sdcardd.te b/sdcardd.te deleted file mode 100644 index 846c59b..0000000 --- a/sdcardd.te +++ /dev/null @@ -1,40 +0,0 @@ -type sdcardd, domain, domain_deprecated; -type sdcardd_exec, exec_type, file_type; - -allow sdcardd cgroup:dir create_dir_perms; -allow sdcardd fuse_device:chr_file rw_file_perms; -allow sdcardd rootfs:dir mounton; # TODO: deprecated in M -allow sdcardd tmpfs:dir r_dir_perms; -allow sdcardd mnt_media_rw_file:dir r_dir_perms; -allow sdcardd storage_file:dir search; -allow sdcardd storage_stub_file:dir { search mounton }; -allow sdcardd sdcard_type:filesystem { mount unmount }; -allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resource }; - -allow sdcardd sdcard_type:dir create_dir_perms; -allow sdcardd sdcard_type:file create_file_perms; - -type_transition sdcardd system_data_file:{ dir file } media_rw_data_file; -allow sdcardd media_rw_data_file:dir create_dir_perms; -allow sdcardd media_rw_data_file:file create_file_perms; - -# Read /data/system/packages.list. -allow sdcardd system_data_file:file r_file_perms; - -# Read /data/.layout_version -allow sdcardd install_data_file:file r_file_perms; - -# Allow stdin/out back to vold -allow sdcardd vold:fd use; -allow sdcardd vold:fifo_file { read write getattr }; - -# Allow running on top of expanded storage -allow sdcardd mnt_expand_file:dir search; - -### -### neverallow rules -### - -# The sdcard daemon should no longer be started from init -neverallow init sdcardd_exec:file execute; -neverallow init sdcardd:process { transition dyntransition }; |