Merge "SELinux policy: let vold write to device:dir." into jb-mr2-dev
diff --git a/adbd.te b/adbd.te
index c565bd7..8420298 100644
--- a/adbd.te
+++ b/adbd.te
@@ -3,7 +3,7 @@
type adbd, domain, mlstrustedsubject;
allow adbd adb_device:chr_file rw_file_perms;
allow adbd qemu_device:chr_file rw_file_perms;
-allow adbd self:capability { net_raw setgid setuid dac_override sys_boot sys_admin };
+allow adbd self:capability { net_raw setgid setuid setpcap dac_override sys_boot sys_admin };
allow adbd rootfs:file { r_file_perms entrypoint };
allow adbd init:process sigchld;
allow adbd self:tcp_socket *;
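Review bot: The `setpcap` added to adbd's `self:capability` set on the changed line carries no comment explaining why it is needed, and the domain already holds `sys_admin`, `dac_override`, `setuid` and `setgid` in the same rule. `setpcap` governs changes to a process's own capability sets, including the bounding set. If the intent is to let adbd shed capabilities when it drops from root (inferred, not visible in this hunk), record that above the rule, e.g. `# setpcap: required to drop capabilities from the bounding set before adbd leaves root`. Without such a note, a later audit cannot tell a privilege-reducing grant from a privilege-widening one.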
diff --git a/policy.version b/policy.version
new file mode 100644
index 0000000..45a4fb7
--- /dev/null
+++ b/policy.version
@@ -0,0 +1 @@
+8
diff --git a/vold.te b/vold.te
index bdd754f..8dd2137 100644
--- a/vold.te
+++ b/vold.te
@@ -57,7 +57,7 @@
allow vold proc:file write;
# Create and mount on /data/tmp_mnt.
-allow vold system_data_file:dir { rw_dir_perms mounton };
+allow vold system_data_file:dir { create rw_dir_perms mounton };
# Set scheduling policy of kernel processes
allow vold kernel:process setsched;
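Review bot: The `create` added to `allow vold system_data_file:dir` lets vold make directories in any location labelled `system_data_file`, while the comment above the rule names only /data/tmp_mnt. Giving the mount point its own type (placeholder name `vold_tmp_mnt_file`, assigned through file_contexts or a `type_transition`) would confine both `create` and `mounton` to that one directory instead of the whole generic data label. If the broad grant has to stay for now, the comment should say so, e.g. `# Create (mkdir) and mount on /data/tmp_mnt; TODO: move to a dedicated type`. The merge title refers to device:dir, which this hunk does not touch, so the description may not cover everything the diff changes.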