From 129f8df9264666be39a2fc3fc1076594b35a44ed Mon Sep 17 00:00:00 2001
From: rpcraig <rpcraig@tycho.ncsc.mil>
Date: Tue, 21 Jan 2014 15:37:28 -0500
Subject: [PATCH] Allow mediaserver to create dirs under /data/mediadrm.
Addresses the following denial.
avc: denied { create } for pid=605 comm="Binder_2" name="IDM1013" scontext=u:r:mediaserver:s0 tcontext=u:object_r:media_data_file:s0 tclass=dir
Witnessed denial on grouper. Policy change seems appropriate for core policy though.
To reproduce:
* erase data partition or just delete all dirs under /data/mediadrm
* start netflix app and watch a movie
Change-Id: I515a195d45223249847fae70dc2ea9c9b216042f
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
---
 mediaserver.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mediaserver.te b/mediaserver.te
index 46a9587ca..ab978fa90 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -18,7 +18,7 @@ binder_service(mediaserver)
 allow mediaserver self:process execmem;
 allow mediaserver kernel:system module_request;
-allow mediaserver media_data_file:dir rw_dir_perms;
+allow mediaserver media_data_file:dir create_dir_perms;
 allow mediaserver media_data_file:file create_file_perms;
 allow mediaserver app_data_file:dir search;
 allow mediaserver app_data_file:file rw_file_perms;
--
GitLab
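Review bot: The new rule `allow mediaserver media_data_file:dir create_dir_perms;` is scoped by type, not by path, so it lets mediaserver create, rename and remove directories anywhere labelled media_data_file, while the commit message only asks for this under /data/mediadrm. The same hunk shows mediaserver already holding `execmem`, so any widening of what the domain can write deserves a least-privilege check. If file_contexts (not visible here) assigns media_data_file to other trees as well, a dedicated type for /data/mediadrm (placeholder name `<mediadrm_dir_type>`) with the create permissions granted on that type alone would resolve the denial without the broader grant. At minimum, a comment above the rule would record the reason, e.g. `# create needed for directories under /data/mediadrm (avc denial on grouper)`.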