Allow mediaserver to create dirs under /data/mediadrm.

Addresses the following denial. avc: denied { create } for pid=605 comm="Binder_2" name="IDM1013" scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_data_file:s0 tclass=dir Witnessed denial on grouper. Policy change seems appropriate for core policy though. To reproduce: * erase data partition or just delete all dirs under /data/mediadrm * start netflix app and watch a movie Change-Id: I515a195d45223249847fae70dc2ea9c9b216042f Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
2014-01-21 15:37:28 -05:00 · 2014-01-21 15:37:28 -05:00 · 129f8df926
commit 129f8df926
parent 2e7a301fad
1 changed files with 1 additions and 1 deletions
--- a/mediaserver.te
+++ b/mediaserver.te
@ -18,7 +18,7 @@ binder_service(mediaserver)

 allow mediaserver self:process execmem;
 allow mediaserver kernel:system module_request;
-allow mediaserver media_data_file:dir rw_dir_perms;
+allow mediaserver media_data_file:dir create_dir_perms;
 allow mediaserver media_data_file:file create_file_perms;
 allow mediaserver app_data_file:dir search;
 allow mediaserver app_data_file:file rw_file_perms;