Thanks. Should I submit that to Google, or do you like to bundle up minor policy changes and submit them together? Does that over-privilege the mediaserver? In this case it doesn't really need full write access to all app data files - the application is opening a specific data file and passing the file descriptor to the mediaserver. Read access for playing back media looks similar. Is there a better way to handle that - such as giving mediaserver read and write but not open?
Mike >-----Original Message----- >From: Stephen Smalley [mailto:[email protected]] >Sent: Wednesday, November 28, 2012 2:57 PM >To: Peck, Michael A >Cc: [email protected] >Subject: Re: Denial message from recording audio to app's internal storage >directory > >Your policy change seems reasonable, except that I would merge it into >the existing allow rule between mediaserver and app_data_file, i.e. >allow mediaserver app_data_file:file rw_file_perms; > -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to [email protected] with the words "unsubscribe seandroid-list" without quotes as the message.
