sepolicy: Address SELinux denials

Change-Id: Ice8f2890fbade59d063097ac3ee3647f24e8d3ad

4 files changed, 4 insertions, 1 deletions

diff --git a/BoardCommonConfig.mk b/BoardCommonConfig.mk
index fcd79df..8d6814c 100644
--- a/BoardCommonConfig.mk
+++ b/BoardCommonConfig.mk
@@ -162,6 +162,7 @@ BOARD_SEPOLICY_UNION += \
     dumpstate.te \
     file.te \
     file_contexts \
+    healthd.te \
     init.te \
     kernel.te \
     mediaserver.te \
diff --git a/selinux/healthd.te b/selinux/healthd.te
new file mode 100644
index 0000000..a7ec774
--- /dev/null
+++ b/selinux/healthd.te
@@ -0,0 +1 @@
+allow healthd device:dir r_dir_perms;
diff --git a/selinux/system_server.te b/selinux/system_server.te
index 970da27..5ae729d 100644
--- a/selinux/system_server.te
+++ b/selinux/system_server.te
@@ -3,3 +3,4 @@ allow system_server sysfs_display:file { read write getattr open };
 allow system_server efs_file:dir { search };
 allow system_server efs_file:file { read open write };
 allow system_server efs_device_file:dir search;
+allow system_server fuse:dir search;
diff --git a/selinux/vold.te b/selinux/vold.te
index 7bf2310..b31b92d 100644
--- a/selinux/vold.te
+++ b/selinux/vold.te
@@ -1,3 +1,3 @@
 allow vold sdcard_external:file rw_file_perms;
-allow vold efs_device_file:dir rw_file_perms;
+allow vold efs_device_file:dir rw_dir_perms;
 allow vold efs_device_file:file rw_file_perms;