# Policy for the vold_prepare_subdirs domain.
# The rules below let this domain create, relabel and clean up directories
# under a fixed list of data types. Presumably this is the per-user
# subdirectory setup the name suggests; confirm against the helper's source.

# When vold executes a file labelled vold_prepare_subdirs_exec, the new process
# runs in the vold_prepare_subdirs domain instead of inheriting vold's domain.
domain_auto_trans(vold, vold_prepare_subdirs_exec, vold_prepare_subdirs)

# mlstrustedsubject exempts this domain from the MLS (level/category)
# constraints. The type-enforcement rules in this file are therefore the only
# SELinux confinement on what it may touch; review any addition with that in mind.
typeattribute vold_prepare_subdirs mlstrustedsubject;

# Run system binaries, the shell and toolbox in this same domain
# (execute_no_trans = execute without a domain transition).
allow vold_prepare_subdirs system_file:file execute_no_trans;
allow vold_prepare_subdirs shell_exec:file rx_file_perms;
allow vold_prepare_subdirs toolbox_exec:file rx_file_perms;
allow vold_prepare_subdirs devpts:chr_file rw_file_perms;
# Use file descriptors and pipes that belong to vold.
# NOTE(review): presumably inherited stdio from the parent; confirm.
allow vold_prepare_subdirs vold:fd use;
allow vold_prepare_subdirs vold:fifo_file { read write };
# Read the file_contexts database.
# NOTE(review): presumably used to look up the label for each new directory.
allow vold_prepare_subdirs file_contexts_file:file r_file_perms;
# chown/fowner change ownership and act as owner; dac_override and
# dac_read_search bypass Unix permission checks. With DAC out of the way, the
# type lists below are the effective boundary for this domain, so keep them
# as narrow as possible.
allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override dac_read_search fowner };
# setfscreate lets the process choose the security context applied to
# filesystem objects it creates.
allow vold_prepare_subdirs self:process setfscreate;
# Parent directories: add and remove entries, and relabel directories that
# currently carry one of these generic labels (relabelfrom only).
allow vold_prepare_subdirs {
  system_data_file
  vendor_data_file
}:dir { open read write add_name remove_name rmdir relabelfrom };
# Directory types this domain may create, manage and relabel to. relabelto is
# granted only for the types in this list, which bounds the labels this domain
# can assign to a directory through this rule.
allow vold_prepare_subdirs {
  apex_appsearch_data_file
  apex_art_data_file
  apex_module_data_file
  apex_permission_data_file
  apex_rollback_data_file
  apex_scheduling_data_file
  apex_wifi_data_file
  backup_data_file
  face_vendor_data_file
  fingerprint_vendor_data_file
  iris_vendor_data_file
  rollback_data_file
  storaged_data_file
  system_data_file
  vold_data_file
}:dir { create_dir_perms relabelto };
# Files of these types may be stat'ed and deleted, but not opened, read or
# written by this rule.
# NOTE(review): apex_art_staging_data_file appears here but not in the
# directory rule above; confirm the asymmetry is intentional.
allow vold_prepare_subdirs {
  apex_appsearch_data_file
  apex_art_data_file
  apex_art_staging_data_file
  apex_module_data_file
  apex_permission_data_file
  apex_rollback_data_file
  apex_scheduling_data_file
  apex_wifi_data_file
  backup_data_file
  face_vendor_data_file
  fingerprint_vendor_data_file
  iris_vendor_data_file
  rollback_data_file
  storaged_data_file
  system_data_file
  vold_data_file
}:file { getattr unlink };
# List the APEX mount directory and traverse the expanded-storage mount point.
allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
allow vold_prepare_subdirs mnt_expand_file:dir search;
# Profile directories: traverse, stat and relabel. Only user_profile_root_file
# is also a permitted relabel target (relabelto).
allow vold_prepare_subdirs user_profile_data_file:dir { search getattr relabelfrom };
allow vold_prepare_subdirs user_profile_root_file:dir { search getattr relabelfrom relabelto };
# /data/misc is unlabeled during early boot.
allow vold_prepare_subdirs unlabeled:dir search;

# dontaudit grants nothing: these reads are still denied, but the denial is not
# logged. When investigating this domain, remember that read attempts on proc
# and unlabeled files will not show up in the audit log.
dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;