bba1838103
Address the following denial: SELinux E avc: denied { find } for service=drm.drmManager scontext=u:r:radio:s0 tcontext=u:object_r:drmserver_service:s0 which occurs when a non-default SMS app sends an MMS. The message would be stored into system automatically in MMS service (from phone process and phone UID). The storing of the message involves the creation of android.drm.DrmManagerClient instance. Change-Id: Ic4e493f183c9ce7f7ac3f74f6ea062893ea67608
53 lines
1.6 KiB
Text
53 lines
1.6 KiB
Text
# phone subsystem
|
|
type radio, domain, mlstrustedsubject;
|
|
app_domain(radio)
|
|
net_domain(radio)
|
|
bluetooth_domain(radio)
|
|
binder_service(radio)
|
|
|
|
# Talks to init via the property socket.
|
|
unix_socket_connect(radio, property, init)
|
|
|
|
# Talks to rild via the rild socket.
|
|
unix_socket_connect(radio, rild, rild)
|
|
|
|
# Data file accesses.
|
|
allow radio radio_data_file:dir create_dir_perms;
|
|
allow radio radio_data_file:notdevfile_class_set create_file_perms;
|
|
|
|
allow radio alarm_device:chr_file rw_file_perms;
|
|
|
|
r_dir_file(radio, proc_net)
|
|
allow radio net_data_file:dir search;
|
|
allow radio net_data_file:file r_file_perms;
|
|
|
|
# Property service
|
|
allow radio radio_prop:property_service set;
|
|
allow radio net_radio_prop:property_service set;
|
|
allow radio system_radio_prop:property_service set;
|
|
auditallow radio net_radio_prop:property_service set;
|
|
auditallow radio system_radio_prop:property_service set;
|
|
|
|
# ctl interface
|
|
allow radio ctl_rildaemon_prop:property_service set;
|
|
|
|
allow radio drmserver_service:service_manager find;
|
|
allow radio mediaserver_service:service_manager find;
|
|
allow radio radio_service:service_manager { add find };
|
|
allow radio surfaceflinger_service:service_manager find;
|
|
allow radio system_server_service:service_manager find;
|
|
allow radio tmp_system_server_service:service_manager find;
|
|
|
|
service_manager_local_audit_domain(radio)
|
|
auditallow radio {
|
|
tmp_system_server_service
|
|
-activity_service
|
|
-appops_service
|
|
-connectivity_service
|
|
-content_service
|
|
-display_service
|
|
-dropbox_service
|
|
-network_management_service
|
|
-power_service
|
|
-registry_service
|
|
}:service_manager find;
|