From 9a19f575a4c991bf2d7bc2f8f980909910ee4cce Mon Sep 17 00:00:00 2001
From: Pawit Pornkitprasan <p.pawit@gmail.com>
Date: Fri, 15 Nov 2013 09:54:39 +0700
Subject: [PATCH] sepolicy: allow vold to mount ext4 sdcard

When vold mounts an ext4 sdcard, it needs to force the context to
sdcard_external.

avc:  denied  { relabelfrom } for  pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem
avc:  denied  { relabelto } for  pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem
avc:  denied  { relabelfrom } for  pid=190 comm=vold scontext=u:r:vold:s0 tcontext=u:object_r:sdcard_external:s0 tclass=filesystem

Change-Id: I80f42fbdf738dee10958ce1bdc1893a41234f0d9
---
 sepolicy/vold.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sepolicy/vold.te b/sepolicy/vold.te
index 24514422..98777662 100644
--- a/sepolicy/vold.te
+++ b/sepolicy/vold.te
@@ -1,2 +1,7 @@
 # Allow vold to manage ASEC
 allow vold sdcard_external:file create_file_perms;
+
+# Allow vold to change context for mounted ext4 sdcard
+relabelto_domain(vold)
+allow vold labeledfs:filesystem { relabelfrom };
+allow vold sdcard_external:filesystem { relabelfrom relabelto };