Change-Id: If5755d9783dce298e66a25bcb7f17ff17bd83ea7 --- mediaserver.te | 13 ++++++++++--- property.te | 1 + property_contexts | 1 + 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/mediaserver.te b/mediaserver.te index 4b299a0..483930b 100644 --- a/mediaserver.te +++ b/mediaserver.te @@ -2,18 +2,23 @@ type mediaserver, domain; type mediaserver_exec, exec_type, file_type; +typeattribute mediaserver mlstrustedsubject; + init_daemon_domain(mediaserver) +unix_socket_connect(mediaserver, property, init) net_domain(mediaserver) -typeattribute mediaserver mlstrustedsubject; -allow mediaserver kernel:system module_request; + binder_use(mediaserver) binder_call(mediaserver, binderservicedomain) binder_call(mediaserver, appdomain) binder_transfer(mediaserver, surfaceflinger) binder_service(mediaserver) + +r_dir_file(mediaserver, sdcard) + allow mediaserver app_data_file:dir search; +allow mediaserver kernel:system module_request; allow mediaserver app_data_file:file r_file_perms; -r_dir_file(mediaserver, sdcard) allow mediaserver sdcard:file write; allow mediaserver camera_device:chr_file rw_file_perms; allow mediaserver graphics_device:chr_file rw_file_perms; @@ -21,6 +26,7 @@ allow mediaserver video_device:chr_file rw_file_perms; allow mediaserver audio_device:dir r_dir_perms; allow mediaserver audio_device:chr_file rw_file_perms; allow mediaserver qemu_device:chr_file rw_file_perms; + # XXX Label with a specific type? allow mediaserver sysfs:file rw_file_perms; # XXX Why? @@ -43,3 +49,4 @@ allow mediaserver qtaguid_device:chr_file r_file_perms; allow mediaserver rild:unix_stream_socket connectto; allow mediaserver tee_device:chr_file rw_file_perms; +allow mediaserver audio_prop:property_service set; diff --git a/property.te b/property.te index b62004e..ed84c64 100644 --- a/property.te +++ b/property.te @@ -7,3 +7,4 @@ type rild_prop, property_type; type ctl_default_prop, property_type; type ctl_dumpstate_prop, property_type; type ctl_rildaemon_prop, property_type; +type audio_prop, property_type; diff --git a/property_contexts b/property_contexts index a08ae80..d86bcb6 100644 --- a/property_contexts +++ b/property_contexts @@ -29,6 +29,7 @@ log. u:object_r:shell_prop:s0 service.adb.root u:object_r:shell_prop:s0 service.adb.tcp.port u:object_r:shell_prop:s0 +persist.audio. u:object_r:audio_prop:s0 persist.sys. u:object_r:system_prop:s0 persist.service. u:object_r:system_prop:s0 persist.security. u:object_r:system_prop:s0 -- 1.8.0 -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
