platform_system_sepolicy/media_app.te

###
### Apps signed with the media key.
###

type media_app, domain;
permissive media_app;
app_domain(media_app)
platform_app_domain(media_app)
# Access the network.
net_domain(media_app)
# Access /dev/mtp_usb.
allow media_app mtp_device:chr_file rw_file_perms;
# Write to /cache.
allow media_app cache_file:dir rw_dir_perms;
allow media_app cache_file:file create_file_perms;
# Stat /cache/lost+found
allow media_app unlabeled:file getattr;
allow media_app unlabeled:dir getattr;
# Stat /cache/backup
allow media_app cache_backup_file:file getattr;
allow media_app cache_backup_file:dir getattr;
# Read files in the rootdir (in particular, file_contexts for restorecon).
allow media_app rootfs:file r_file_perms;
allow media_app download_file:dir rw_dir_perms;
allow media_app download_file:file create_file_perms;
# Allow platform apps to mark platform app data files as download files
relabelto_domain(media_app)
allow media_app platform_app_data_file:dir relabelfrom;
allow media_app download_file:dir relabelto;
Move *_app into their own file app.te covers a lot of different apps types (platform_app, media_app, shared_app, release_app, isolated_app, and untrusted_app), all of which are going to have slightly different security policies. Separate the different domains from app.te. Over time, these files are likely to grow substantially, and mixing different domain types is a recipe for confusion and mistakes. No functional change. Change-Id: Ida4e77fadb510f5993eb2d32f2f7649227edff4f 2013-07-13 01:33:29 +02:00			`###`
			`### Apps signed with the media key.`
			`###`

			`type media_app, domain;`
Confine all app domains, but make them permissive for now. As has already been done for untrusted_app, isolated_app, and bluetooth, make all the other domains used for app processes confined while making them permissive until sufficient testing has been done. Change-Id: If55fe7af196636c49d10fc18be2f44669e2626c5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-23 19:12:55 +02:00			`permissive media_app;`
Move *_app into their own file app.te covers a lot of different apps types (platform_app, media_app, shared_app, release_app, isolated_app, and untrusted_app), all of which are going to have slightly different security policies. Separate the different domains from app.te. Over time, these files are likely to grow substantially, and mixing different domain types is a recipe for confusion and mistakes. No functional change. Change-Id: Ida4e77fadb510f5993eb2d32f2f7649227edff4f 2013-07-13 01:33:29 +02:00			`app_domain(media_app)`
			`platform_app_domain(media_app)`
			`# Access the network.`
			`net_domain(media_app)`
Confine all app domains, but make them permissive for now. As has already been done for untrusted_app, isolated_app, and bluetooth, make all the other domains used for app processes confined while making them permissive until sufficient testing has been done. Change-Id: If55fe7af196636c49d10fc18be2f44669e2626c5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-23 19:12:55 +02:00			`# Access /dev/mtp_usb.`
			`allow media_app mtp_device:chr_file rw_file_perms;`
			`# Write to /cache.`
			`allow media_app cache_file:dir rw_dir_perms;`
			`allow media_app cache_file:file create_file_perms;`
			`# Stat /cache/lost+found`
			`allow media_app unlabeled:file getattr;`
			`allow media_app unlabeled:dir getattr;`
			`# Stat /cache/backup`
			`allow media_app cache_backup_file:file getattr;`
			`allow media_app cache_backup_file:dir getattr;`
			`# Read files in the rootdir (in particular, file_contexts for restorecon).`
			`allow media_app rootfs:file r_file_perms;`
			`allow media_app download_file:dir rw_dir_perms;`
			`allow media_app download_file:file create_file_perms;`
			`# Allow platform apps to mark platform app data files as download files`
Move *_app into their own file app.te covers a lot of different apps types (platform_app, media_app, shared_app, release_app, isolated_app, and untrusted_app), all of which are going to have slightly different security policies. Separate the different domains from app.te. Over time, these files are likely to grow substantially, and mixing different domain types is a recipe for confusion and mistakes. No functional change. Change-Id: Ida4e77fadb510f5993eb2d32f2f7649227edff4f 2013-07-13 01:33:29 +02:00			`relabelto_domain(media_app)`
Confine all app domains, but make them permissive for now. As has already been done for untrusted_app, isolated_app, and bluetooth, make all the other domains used for app processes confined while making them permissive until sufficient testing has been done. Change-Id: If55fe7af196636c49d10fc18be2f44669e2626c5 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> 2013-10-23 19:12:55 +02:00			`allow media_app platform_app_data_file:dir relabelfrom;`
Move *_app into their own file app.te covers a lot of different apps types (platform_app, media_app, shared_app, release_app, isolated_app, and untrusted_app), all of which are going to have slightly different security policies. Separate the different domains from app.te. Over time, these files are likely to grow substantially, and mixing different domain types is a recipe for confusion and mistakes. No functional change. Change-Id: Ida4e77fadb510f5993eb2d32f2f7649227edff4f 2013-07-13 01:33:29 +02:00			`allow media_app download_file:dir relabelto;`