Allow access to media_rw_data_file for now.
With sdcardfs, we no longer have a separate sdcardd acting as an intermediate between the outside world and /data/media. Unless we modify sdcardfs to change contexts, we need these.

Added for: adbd, kernel, mediaserver, and shell.

Remove this patch if sdcardfs is updated to change the secontext of fs accesses.

Bug: 27915475
Bug: 27937873
Change-Id: I25edcfc7fb8423b3184db84040bda790a1042724
parent
bb90999e9a
commit
d25d57a3cd
4 changed files with 16 additions and 0 deletions
2
adbd.te
2
adbd.te
|
@ -102,5 +102,7 @@ allow adbd mnt_user_file:dir r_dir_perms;
|
|||
allow adbd mnt_user_file:lnk_file r_file_perms;
|
||||
|
||||
# Access to /data/media.
|
||||
# This should be removed if sdcardfs is modified to alter the secontext for its
|
||||
# accesses to the underlying FS.
|
||||
allow adbd media_rw_data_file:dir create_dir_perms;
|
||||
allow adbd media_rw_data_file:file create_file_perms;
|
||||
|
|
|
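Review bot: The two `allow adbd media_rw_data_file` rules are keyed only on source domain and target type, so they let adbd create, write and delete anything labelled media_rw_data_file whether or not the access goes through sdcardfs. The same holds for the identical rules added for kernel, mediaserver and shell. With these in place, policy no longer separates sdcardfs-mediated access from direct access under /data/media; presumably only the DAC ownership and mode on that tree still does, which is worth confirming before merge. The comment above the rules should state this and carry the tracking bug so the temporary grant can be found and reverted, for example `# Temporary (Bug: 27915475): also permits direct access to /data/media, not only via sdcardfs.`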
@ -65,6 +65,12 @@ allow kernel asec_image_file:file read;
|
|||
|
||||
domain_auto_trans(kernel, init_exec, init)
|
||||
|
||||
# Access to /data/media.
|
||||
# This should be removed if sdcardfs is modified to alter the secontext for its
|
||||
# accesses to the underlying FS.
|
||||
allow kernel media_rw_data_file:dir create_dir_perms;
|
||||
allow kernel media_rw_data_file:file create_file_perms;
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
|
|
@ -124,6 +124,12 @@ allow mediaserver drmserver:drmservice {
|
|||
allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket }
|
||||
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
|
||||
|
||||
# Access to /data/media.
|
||||
# This should be removed if sdcardfs is modified to alter the secontext for its
|
||||
# accesses to the underlying FS.
|
||||
allow mediaserver media_rw_data_file:dir create_dir_perms;
|
||||
allow mediaserver media_rw_data_file:file create_file_perms;
|
||||
|
||||
###
|
||||
### neverallow rules
|
||||
###
|
||||
|
|
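Review bot: mediaserver is given the full `create_dir_perms` and `create_file_perms` sets here, even though it parses untrusted media content and is therefore the domain where a broad write grant over shared storage carries the most risk. If the denials behind this change were only for reading and writing existing files, `allow mediaserver media_rw_data_file:dir r_dir_perms;` and `allow mediaserver media_rw_data_file:file rw_file_perms;` would cover them without granting create, rename or unlink. The commit does not show which accesses were denied, so check the audit log before narrowing.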
2
shell.te
2
shell.te
|
@ -123,6 +123,8 @@ allow shell sysfs:dir r_dir_perms;
|
|||
allow shell ion_device:chr_file rw_file_perms;
|
||||
|
||||
# Access to /data/media.
|
||||
# This should be removed if sdcardfs is modified to alter the secontext for its
|
||||
# accesses to the underlying FS.
|
||||
allow shell media_rw_data_file:dir create_dir_perms;
|
||||
allow shell media_rw_data_file:file create_file_perms;
|
||||
|
||||
|
|