am 37339c76: fix mediaserver selinux denials.

* commit '37339c76': fix mediaserver selinux denials.

am 37339c76: fix mediaserver selinux denials.
35e41610 · Nick Kralevich · Android Git Automerger · e58a42f8 · 37339c76 · 35e41610
Commit 35e41610 authored 11 years ago by Nick Kralevich Committed by Android Git Automerger 11 years ago
--- a/drmserver.te
+++ b/drmserver.te
@@ -34,3 +34,6 @@ allow drmserver apk_data_file:dir rw_dir_perms;
 type_transition drmserver apk_data_file:sock_file drmserver_socket;
 allow drmserver drmserver_socket:sock_file create_file_perms;
 allow drmserver tee:unix_stream_socket connectto;
+# After taking a video, drmserver looks at the video file.
+r_dir_file(drmserver, media_rw_data_file)
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -24,6 +24,7 @@ allow mediaserver app_data_file:file rw_file_perms;
 allow mediaserver platform_app_data_file:file { getattr read };
 allow mediaserver sdcard_type:file write;
 allow mediaserver graphics_device:chr_file rw_file_perms;
+allow mediaserver video_device:dir r_dir_perms;
 allow mediaserver video_device:chr_file rw_file_perms;
 allow mediaserver audio_device:dir r_dir_perms;
 allow mediaserver qemu_device:chr_file rw_file_perms;
@@ -47,8 +48,8 @@ allow mediaserver rpmsg_device:chr_file rw_file_perms;
 allow mediaserver system_server:fifo_file r_file_perms;
 # Camera data
-allow mediaserver camera_data_file:dir r_dir_perms;
+r_dir_file(mediaserver, camera_data_file)
-allow mediaserver camera_data_file:file r_file_perms;
+r_dir_file(mediaserver, media_rw_data_file)
 # Grant access to audio files to mediaserver
 allow mediaserver audio_data_file:dir ra_dir_perms;

--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -21,6 +21,7 @@ allow surfaceflinger graphics_device:dir search;
 allow surfaceflinger graphics_device:chr_file rw_file_perms;
 # Access /dev/video1.
+allow surfaceflinger video_device:dir r_dir_perms;
 allow surfaceflinger video_device:chr_file rw_file_perms;
 # Create and use netlink kobject uevent sockets.

--- a/system_server.te
+++ b/system_server.te
@@ -132,6 +132,7 @@ allow system_server input_device:chr_file rw_file_perms;
 allow system_server tty_device:chr_file rw_file_perms;
 allow system_server urandom_device:chr_file rw_file_perms;
 allow system_server usbaccessory_device:chr_file rw_file_perms;
+allow system_server video_device:dir r_dir_perms;
 allow system_server video_device:chr_file rw_file_perms;
 allow system_server qemu_device:chr_file rw_file_perms;
 allow system_server adbd_socket:sock_file rw_file_perms;