From e2ad318e45861ae649924e75db605fc6006240f6 Mon Sep 17 00:00:00 2001 From: William Roberts Date: Tue, 27 Nov 2012 17:34:54 -0800 Subject: [PATCH] Label persist audio properties label all persist.audio.* properties and allow mediaserver access to them. Change-Id: If5755d9783dce298e66a25bcb7f17ff17bd83ea7 --- mediaserver.te | 2 ++ property.te | 1 + property_contexts | 1 + 3 files changed, 4 insertions(+) diff --git a/mediaserver.te b/mediaserver.te index 4b299a025..0181e29ec 100644 --- a/mediaserver.te +++ b/mediaserver.te @@ -3,6 +3,7 @@ type mediaserver, domain; type mediaserver_exec, exec_type, file_type; init_daemon_domain(mediaserver) +unix_socket_connect(mediaserver, property, init) net_domain(mediaserver) typeattribute mediaserver mlstrustedsubject; allow mediaserver kernel:system module_request; @@ -43,3 +44,4 @@ allow mediaserver qtaguid_device:chr_file r_file_perms; allow mediaserver rild:unix_stream_socket connectto; allow mediaserver tee_device:chr_file rw_file_perms; +allow mediaserver audio_prop:property_service set; diff --git a/property.te b/property.te index b62004eff..ed84c641f 100644 --- a/property.te +++ b/property.te @@ -7,3 +7,4 @@ type rild_prop, property_type; type ctl_default_prop, property_type; type ctl_dumpstate_prop, property_type; type ctl_rildaemon_prop, property_type; +type audio_prop, property_type; diff --git a/property_contexts b/property_contexts index a08ae8066..d86bcb628 100644 --- a/property_contexts +++ b/property_contexts @@ -29,6 +29,7 @@ log. u:object_r:shell_prop:s0 service.adb.root u:object_r:shell_prop:s0 service.adb.tcp.port u:object_r:shell_prop:s0 +persist.audio. u:object_r:audio_prop:s0 persist.sys. u:object_r:system_prop:s0 persist.service. u:object_r:system_prop:s0 persist.security. u:object_r:system_prop:s0