Home | History | Annotate | Download | only in sepolicy 
      1 type sdcardd, domain;
      2 type sdcardd_exec, exec_type, file_type;
      3 
      4 init_daemon_domain(sdcardd)
      5 
      6 allow sdcardd cgroup:dir create_dir_perms;
      7 allow sdcardd fuse_device:chr_file rw_file_perms;
      8 allow sdcardd rootfs:dir mounton;
      9 allow sdcardd sdcard_type:filesystem { mount unmount };
     10 allow sdcardd self:capability { setuid setgid dac_override sys_admin sys_resource };
     11 
     12 allow sdcardd sdcard_type:dir create_dir_perms;
     13 allow sdcardd sdcard_type:file create_file_perms;
     14 
     15 type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
     16 allow sdcardd media_rw_data_file:dir create_dir_perms;
     17 allow sdcardd media_rw_data_file:file create_file_perms;
     18 
     19 # Read /data/system/packages.list.
     20 allow sdcardd system_data_file:file r_file_perms;
     21 
     22 # Read /data/.layout_version
     23 allow sdcardd install_data_file:file r_file_perms;
     24