sdcard policy and fuse device label.
diff --git a/device.te b/device.te
index ac34d72..4d2dea3 100644
--- a/device.te
+++ b/device.te
@@ -37,6 +37,7 @@
type video_device, dev_type;
type vcs_device, dev_type;
type zero_device, dev_type;
+type fuse_device, dev_type;
# All devices have a uart for the hci
# attach service. The uart dev node
diff --git a/file_contexts b/file_contexts
index c610df3..fa22c87 100644
--- a/file_contexts
+++ b/file_contexts
@@ -25,6 +25,7 @@
/dev/device-mapper u:object_r:dm_device:s0
/dev/eac u:object_r:audio_device:s0
/dev/full u:object_r:full_device:s0
+/dev/fuse u:object_r:fuse_device:s0
/dev/graphics(/.*)? u:object_r:graphics_device:s0
/dev/input(/.*) u:object_r:input_device:s0
/dev/kmem u:object_r:kmem_device:s0
@@ -96,6 +97,7 @@
/system/bin/bluetoothd u:object_r:bluetoothd_exec:s0
/system/bin/wpa_supplicant u:object_r:wpa_exec:s0
/system/bin/qemud u:object_r:qemud_exec:s0
+/system/bin/sdcard u:object_r:sdcardd_exec:s0
/system/xbin/su u:object_r:su_exec:s0
/system/vendor/bin/gpsd u:object_r:gpsd_exec:s0
#############################
diff --git a/sdcardd.te b/sdcardd.te
new file mode 100644
index 0000000..21b8673
--- /dev/null
+++ b/sdcardd.te
@@ -0,0 +1,13 @@
+type sdcardd, domain;
+type sdcardd_exec, exec_type, file_type;
+
+init_daemon_domain(sdcardd)
+
+allow sdcardd cgroup:dir create_dir_perms;
+allow sdcardd fuse_device:chr_file rw_file_perms;
+allow sdcardd rootfs:dir mounton;
+allow sdcardd sdcard:filesystem mount;
+allow sdcardd self:capability { setuid setgid };
+allow sdcardd system_data_file:dir create_dir_perms;
+allow sdcardd system_data_file:file create_file_perms;
+