From 1a1ad959aebb823e60e8a1dc55dfc312eebe2529 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 4 Feb 2014 21:49:01 +0000
Subject: [PATCH] Revert "Move tlcd_sock policy over to manta."

This doesn't compile on non-manta devices because of a
missing drmserver_socket declaration.

external/sepolicy/mediaserver.te":68:ERROR 'unknown type drmserver_socket' at token ';' on line 6764:
#line 68
allow mediaserver drmserver_socket:sock_file write;
checkpolicy:  error(s) encountered while parsing configuration
make: *** [out/target/product/flo/obj/ETC/sepolicy_intermediates/sepolicy] Error 1
make: *** Waiting for unfinished jobs....

This reverts commit 8cd400d3c4a5a9eb9bd8b0392260200bd23e6548.

Change-Id: Ib8f07b57008b9ed1165b945057502779e806f0f8
---
 drmserver.te | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/drmserver.te b/drmserver.te
index 584fd65b9..2fbb6613e 100644
--- a/drmserver.te
+++ b/drmserver.te
@@ -25,8 +25,16 @@ allow drmserver { app_data_file asec_apk_file }:file { read write getattr };
 allow drmserver sdcard_type:file { read write getattr };
 r_dir_file(drmserver, efs_file)
 
-# Connect to tee service.
+type drmserver_socket, file_type;
+
+# /data/app/tlcd_sock socket file.
+# Clearly, /data/app is the most logical place to create a socket.  Not.
+allow drmserver apk_data_file:dir rw_dir_perms;
+type_transition drmserver apk_data_file:sock_file drmserver_socket;
+allow drmserver drmserver_socket:sock_file create_file_perms;
 allow drmserver tee:unix_stream_socket connectto;
+# Delete old socket file if present.
+allow drmserver apk_data_file:sock_file unlink;
 
 # After taking a video, drmserver looks at the video file.
 r_dir_file(drmserver, media_rw_data_file)
-- 
GitLab