From 4f7200e306077cef48fb0887841f18dd998932c9 Mon Sep 17 00:00:00 2001
From: Xindong Xu<xindong.xu@amlogic.com>
Date: Fri, 19  Jan  2018  07:06:21  +0000
Subject: sepolicy: sync to 8.1 ef4dcd7f07 [1/6]

PD# 158649

sync to 8.1 ef4dcd7f07

Change-Id: Idc67bc95443185f38a3d536552507771006a6b2f
---
diff --git a/sepolicy/droidvold.te b/sepolicy/droidvold.te
index 4db4a47..6819af7 100644
--- a/sepolicy/droidvold.te
+++ b/sepolicy/droidvold.te
@@ -94,4 +94,7 @@ domain_auto_trans(droidvold, ntfs_3g_exec, ntfs_3g);
 
 allow droidvold loop_device:blk_file { open read write ioctl };
 allow droidvold fuseblk:dir { search };
-allow droidvold fuseblk:file { open read write };
\ No newline at end of file
+allow droidvold fuseblk:file { open read write };
+
+allow droidvold sdcardfs:filesystem { mount unmount remount };
+allow droidvold storage_file:dir { write add_name create setattr mounton search getattr };
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index 487bb5c..135b8c1 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -39,4 +39,7 @@ allow platform_app system_control:binder { call };
 allow platform_app droidmount_service:service_manager { find };
 allow platform_app subtitle_service:service_manager { find };
 allow platform_app iso9660:dir { search open read getattr };
-allow platform_app iso9660:file { open read getattr };
\ No newline at end of file
+allow platform_app iso9660:file { open read getattr };
+
+allow platform_app droidvold_hwservice:hwservice_manager { find };
+allow platform_app droidvold:binder { call transfer };
diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te
index 091d6c2..bd36052 100644
--- a/sepolicy/untrusted_app.te
+++ b/sepolicy/untrusted_app.te
@@ -1 +1,4 @@
-allow untrusted_app system_control:binder call;
+allow untrusted_app system_control:binder { call };
+
+allow untrusted_app fuseblk:dir  { search };
+allow untrusted_app fuseblk:file { read open getattr };
diff --git a/sepolicy/untrusted_app_25.te b/sepolicy/untrusted_app_25.te
index 998b431..4365f69 100644
--- a/sepolicy/untrusted_app_25.te
+++ b/sepolicy/untrusted_app_25.te
@@ -1 +1,4 @@
 allow untrusted_app_25 sysfs:file { open read };
+
+allow untrusted_app_25 fuseblk:dir  { search };
+allow untrusted_app_25 fuseblk:file { read open getattr };
--
cgit