Piteball
/
android_device_samsung_klte-common
mirror of https://github.com/ripee/android_device_samsung_klte-common.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

klte-common: sepolicy: Clean-up policy for external sdcards 

* Yes, this looks horrendously wide-open, but this only applied for the
  complete sandbox that is external sdcard

Change-Id: Ibd1fe240eeed65f079e810a3da5157a4e64944f2
This commit is contained in:
Kevin F. Haggerty 2017-09-16 08:50:12 -06:00
parent bf67c969ca
commit d66d9d918a
3 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sepolicy/platform_app.te
View File

@ -1,3 +1,4 @@
allow platform_app fuseblk:dir { open read remove_name search write };
allow platform_app fuseblk:file { getattr unlink write };
allow platform_app exfat:dir create_dir_perms;
allow platform_app exfat:file create_file_perms;
allow platform_app fuseblk:dir create_dir_perms;
allow platform_app fuseblk:file create_file_perms;

6
sepolicy/priv_app.te
View File

@ -1,3 +1,5 @@
allow priv_app device:dir { open read };
allow priv_app fuseblk:dir { add_name open read search read write };
allow priv_app fuseblk:file { create getattr open read write };
allow priv_app exfat:dir create_dir_perms;
allow priv_app exfat:file create_file_perms;
allow priv_app fuseblk:dir create_dir_perms;
allow priv_app fuseblk:file create_file_perms;

6
sepolicy/untrusted_app.te
View File

@ -1,3 +1,5 @@
# These are safe for an untrusted_app -- they are the external SD card
allow untrusted_app fuseblk:dir search;
allow untrusted_app fuseblk:file { getattr read };
allow untrusted_app exfat:dir create_dir_perms;
allow untrusted_app exfat:file create_file_perms;
allow untrusted_app fuseblk:dir create_dir_perms;
allow untrusted_app fuseblk:file create_file_perms;