-
Stephen Smalley authored/data/media presently is left in system_data_file, which requires anything that wants to write to it to be able to write to system_data_file. Introduce a new type for /data/media, media_rw_data_file (to match the media_rw UID assigned to it and distinguish it from /data/misc/media which has media UID and media_data_file type), and allow access to it. We allow this for all platform app domains as WRITE_MEDIA_STORAGE permission is granted to signature|system. We should not have to allow it to untrusted_app. Set up type transitions in sdcardd to automatically label any directories or files it creates with the new type. Change-Id: I5c7e6245b854a9213099e40a41d9583755d37d42 Signed-off-by:
Stephen Smalley <sds@tycho.nsa.gov>Stephen Smalley authored/data/media presently is left in system_data_file, which requires anything that wants to write to it to be able to write to system_data_file. Introduce a new type for /data/media, media_rw_data_file (to match the media_rw UID assigned to it and distinguish it from /data/misc/media which has media UID and media_data_file type), and allow access to it. We allow this for all platform app domains as WRITE_MEDIA_STORAGE permission is granted to signature|system. We should not have to allow it to untrusted_app. Set up type transitions in sdcardd to automatically label any directories or files it creates with the new type. Change-Id: I5c7e6245b854a9213099e40a41d9583755d37d42 Signed-off-by:Stephen Smalley <sds@tycho.nsa.gov>