From a92bd32a1dcc939091df4cbe13a4d1c077734784 Mon Sep 17 00:00:00 2001 From: Max Bires Date: Fri, 21 Jul 2017 14:02:42 -0700 Subject: [PATCH] Removing TODO upon bug resolution and fixing boot denial denied { read } for pid=708 comm="vold" name="/" dev="sda4" ino=2 scontext=u:r:vold:s0 tcontext=u:object_r:persist_file:s0 tclass=dir Bug: 35810138 Test: Above denial no longer appears on boot, vold works under enforcing Change-Id: I78add787fa732e0cf20a3e205f866554d17d0e18 --- sepolicy/vendor/vold.te | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sepolicy/vendor/vold.te b/sepolicy/vendor/vold.te index d4bd9f39..9615edab 100644 --- a/sepolicy/vendor/vold.te +++ b/sepolicy/vendor/vold.te @@ -1,6 +1,5 @@ -# TODO: (b/35810138) the keymaster HAL must be binderized. -passthrough_hal_client_domain(vold, hal_keymaster); - get_prop(vold, tee_listener_prop) allow vold sysfs_scsi_devices_0000:file write; + +allow vold persist_file:dir r_dir_perms;