From 1e1d0f4bed143c9070eee620f9e42765a316b87d Mon Sep 17 00:00:00 2001
From: codeworkx <codeworkx@cyanogenmod.org>
Date: Wed, 30 Dec 2015 11:48:31 +0100
Subject: [PATCH] sepolicy: Fixes for external storage denials

Change-Id: Ia7b13e360ea4109fb12a4ade91b3536bcb3e57c5
---
 sepolicy/fsck_untrusted.te | 1 +
 sepolicy/genfs_contexts    | 1 +
 sepolicy/system_server.te  | 1 +
 sepolicy/vold.te           | 2 ++
 4 files changed, 5 insertions(+)
 create mode 100644 sepolicy/fsck_untrusted.te
 create mode 100644 sepolicy/vold.te

diff --git a/sepolicy/fsck_untrusted.te b/sepolicy/fsck_untrusted.te
new file mode 100644
index 0000000..1c520b7
--- /dev/null
+++ b/sepolicy/fsck_untrusted.te
@@ -0,0 +1 @@
+allow fsck_untrusted self:capability sys_admin;
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index 49a35af..d410612 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -1 +1,2 @@
 genfscon proc /bluetooth/sleep u:object_r:proc_bluetooth_writable:s0
+genfscon exfat / u:object_r:sdcard_external:s0
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 9512a6c..675f1a9 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -6,3 +6,4 @@ allow system_server sysfs_sec:file rw_file_perms;
 allow system_server sysfs_vibeamp:dir search;
 allow system_server sysfs_vibeamp:file rw_file_perms;
 allow system_server wifi_efs_file:file r_file_perms;
+allow system_server storage_stub_file:dir { getattr };
diff --git a/sepolicy/vold.te b/sepolicy/vold.te
new file mode 100644
index 0000000..acdf87e
--- /dev/null
+++ b/sepolicy/vold.te
@@ -0,0 +1,2 @@
+allow vold storage_stub_file:dir { rw_file_perms search add_name };
+allow vold mnt_media_rw_stub_file:dir r_dir_perms;