tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Remove mediaserver sysfs write permissions.

Browse source 
Mediaserver no longer appears, and maybe never did, need write
permission to sysfs files.
commit: 1de9c492d1 added auditing to
make sure this is the case, and such access has not been observed.
Remove the permissions and the associated auditallow rule to further
confine the mediaserver sandbox.

Bug: 22827371
Change-Id: I44ca1521b9791db027300aa84e54c074845aa735
This commit is contained in:
dcashman 2015-09-22 13:03:41 -07:00
parent 483fd26735
commit 6c451da4ec
1 changed files with 1 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
mediaserver.te
View file

@ -35,8 +35,7 @@ set_prop(mediaserver, audio_prop)
allow mediaserver audio_device:chr_file rw_file_perms;
# XXX Label with a specific type?
allow mediaserver sysfs:file rw_file_perms;
auditallow mediaserver sysfs:file { write append };
allow mediaserver sysfs:file r_file_perms;
# Read resources from open apk files passed over Binder.
allow mediaserver apk_data_file:file { read getattr };