Rename camera_calibration_file and audio_firmware_file.
Use more general type names for the contents of /data/misc/camera and /data/misc/audio. These were the names used in our policy until 4.3 was released, at which point we switched to be consistent with AOSP. However, the Galaxy S4 4.2.2 image, Galaxy S4 4.3 image, and Galaxy Note 3 4.3 image all shipped with policies using _data_file names because they were based on our older policy. So we may as well switch AOSP to these names. Not sure if in fact these could be all coalesced to the new media_data_file type for /data/misc/media introduced by Ic374488f8b62bd4f8b3c90f30da0e8d1ed1a7343. Options to fix already existing devices, which would only apply to Nexus devices with 4.3 or 4.4 at this point: 1) Add restorecon_recursive /data/misc/audio /data/misc/camera to either the system/core init.rc or to the device-specific init.*.rc files. -or- 2) Add a typealias declaration in the policy to remap the old type names to the new ones. Then existing types on persistent storage will be remapped internally to the new ones. -or- 3) Some sort of relabeld. Option #2 is implemented by this change. Change-Id: Id36203f5bb66b5200efc1205630b5b260ef97496 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent
bc1388d34c
commit
8510d31ed3
3 changed files with 13 additions and 10 deletions
7
file.te
7
file.te
|
@ -49,7 +49,7 @@ type shell_data_file, file_type, data_file_type;
|
|||
# /data/gps
|
||||
type gps_data_file, file_type, data_file_type;
|
||||
# /data/misc subdirectories
|
||||
type audio_firmware_file, file_type, data_file_type;
|
||||
type audio_data_file, file_type, data_file_type;
|
||||
type bluetooth_data_file, file_type, data_file_type;
|
||||
type media_data_file, file_type, data_file_type;
|
||||
type keystore_data_file, file_type, data_file_type;
|
||||
|
@ -58,8 +58,11 @@ type systemkeys_data_file, file_type, data_file_type;
|
|||
type wifi_data_file, file_type, data_file_type;
|
||||
type radio_data_file, file_type, data_file_type;
|
||||
type nfc_data_file, file_type, data_file_type;
|
||||
type camera_calibration_file, file_type, data_file_type;
|
||||
type camera_data_file, file_type, data_file_type;
|
||||
type adb_keys_file, file_type, data_file_type;
|
||||
# Compatibility with type names used in vanilla Android 4.3 and 4.4.
|
||||
typealias audio_data_file alias audio_firmware_file;
|
||||
typealias camera_data_file alias camera_calibration_file;
|
||||
# /data/data subdirectories - app sandboxes
|
||||
type app_data_file, file_type, data_file_type;
|
||||
type platform_app_data_file, file_type, data_file_type, mlstrustedobject;
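Review bot: The comment above the two `typealias` lines names the releases the aliases are compatible with but not why they have to stay. Per the commit message, files already on persistent storage keep the old type names and no restorecon is run, so the aliases are the only thing keeping those labels valid. I would extend the comment to something like `# Files labeled on 4.3/4.4 still carry the old type names on disk; these aliases map them to the new types. Do not drop them without a relabel, and do not reuse the old names.` It is also worth recording that any device-specific rule still written against `audio_firmware_file` or `camera_calibration_file` now applies to the renamed type without any visible change, which is intended here but easy to miss in a later review.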
|
||||
|
|
|
@ -167,7 +167,7 @@
|
|||
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
|
||||
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
|
||||
# Misc data
|
||||
/data/misc/audio(/.*)? u:object_r:audio_firmware_file:s0
|
||||
/data/misc/audio(/.*)? u:object_r:audio_data_file:s0
|
||||
/data/misc/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0
|
||||
/data/misc/bluedroid(/.*)? u:object_r:bluetooth_data_file:s0
|
||||
/data/misc/keystore(/.*)? u:object_r:keystore_data_file:s0
|
||||
|
@ -175,7 +175,7 @@
|
|||
/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0
|
||||
/data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
|
||||
/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0
|
||||
/data/misc/camera(/.*)? u:object_r:camera_calibration_file:s0
|
||||
/data/misc/camera(/.*)? u:object_r:camera_data_file:s0
|
||||
/data/misc/dhcp(/.*)? u:object_r:dhcp_data_file:s0
|
||||
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
|
||||
# App sandboxes
|
||||
|
|
|
@ -47,13 +47,13 @@ allow mediaserver rpmsg_device:chr_file rw_file_perms;
|
|||
# Inter System processes communicate over named pipe (FIFO)
|
||||
allow mediaserver system_server:fifo_file r_file_perms;
|
||||
|
||||
# Camera calibration
|
||||
allow mediaserver camera_calibration_file:dir r_dir_perms;
|
||||
allow mediaserver camera_calibration_file:file r_file_perms;
|
||||
# Camera data
|
||||
allow mediaserver camera_data_file:dir r_dir_perms;
|
||||
allow mediaserver camera_data_file:file r_file_perms;
|
||||
|
||||
# Grant access to audio firmware files to mediaserver
|
||||
allow mediaserver audio_firmware_file:dir ra_dir_perms;
|
||||
allow mediaserver audio_firmware_file:file create_file_perms;
|
||||
# Grant access to audio files to mediaserver
|
||||
allow mediaserver audio_data_file:dir ra_dir_perms;
|
||||
allow mediaserver audio_data_file:file create_file_perms;
|
||||
|
||||
# Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
|
||||
allow mediaserver qtaguid_proc:file rw_file_perms;
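Review bot: The reworded comments on the camera and audio rule pairs no longer say what level of access is granted. That matters more now that the type names are general: `camera_data_file` gets only `r_dir_perms`/`r_file_perms`, while `audio_data_file` gets `ra_dir_perms`/`create_file_perms`. I would make the asymmetry explicit, e.g. `# Read-only access to /data/misc/camera (e.g. calibration data)` and `# mediaserver creates and writes files under /data/misc/audio`. With the broader names, anything later labeled with these types inherits these grants, so the comments should state the intended scope.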
|
||||
|
|