Allow mediaserver to create dirs under /data/mediadrm.

Addresses the following denial. avc: denied { create } for pid=605 comm="Binder_2" name="IDM1013" scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_data_file:s0 tclass=dir Witnessed denial on grouper. Policy change seems appropriate for core policy though. To reproduce: * erase data partition or just delete all dirs under /data/mediadrm * start netflix app and watch a movie Change-Id: I515a195d45223249847fae70dc2ea9c9b216042f Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

Allow mediaserver to create dirs under /data/mediadrm.
129f8df9 · rpcraig · 2e7a301f · 129f8df9
Commit 129f8df9 authored 11 years ago by rpcraig
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -18,7 +18,7 @@ binder_service(mediaserver)

 allow mediaserver self:process execmem;
 allow mediaserver kernel:system module_request;
-allow mediaserver media_data_file:dir rw_dir_perms;
+allow mediaserver media_data_file:dir create_dir_perms;
 allow mediaserver media_data_file:file create_file_perms;
 allow mediaserver app_data_file:dir search;
 allow mediaserver app_data_file:file rw_file_perms;