From 4e030c2a0f712e1e2b219239babca2d8bd007588 Mon Sep 17 00:00:00 2001
From: William Roberts <w.roberts@sta.samsung.com>
Date: Wed, 28 Nov 2012 12:18:30 -0800
Subject: [PATCH] mediaserver.te refactor

Change-Id: Ieaff9f3362c71e25e5c8e7204397a85ff14fff97
---
 mediaserver.te | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/mediaserver.te b/mediaserver.te
index 0181e29ec..f5274d95c 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -2,19 +2,23 @@ type mediaserver, domain;
 type mediaserver_exec, exec_type, file_type;
+typeattribute mediaserver mlstrustedsubject;
+
+net_domain(mediaserver)
 init_daemon_domain(mediaserver)
 unix_socket_connect(mediaserver, property, init)
-net_domain(mediaserver)
-typeattribute mediaserver mlstrustedsubject;
-allow mediaserver kernel:system module_request;
+
+r_dir_file(mediaserver, sdcard)
+
 binder_use(mediaserver)
 binder_call(mediaserver, binderservicedomain)
 binder_call(mediaserver, appdomain)
 binder_transfer(mediaserver, surfaceflinger)
 binder_service(mediaserver)
+
+allow mediaserver kernel:system module_request;
 allow mediaserver app_data_file:dir search;
 allow mediaserver app_data_file:file r_file_perms;
-r_dir_file(mediaserver, sdcard)
 allow mediaserver sdcard:file write;
 allow mediaserver camera_device:chr_file rw_file_perms;
 allow mediaserver graphics_device:chr_file rw_file_perms;
@@ -22,8 +26,12 @@ allow mediaserver video_device:chr_file rw_file_perms;
 allow mediaserver audio_device:dir r_dir_perms;
 allow mediaserver audio_device:chr_file rw_file_perms;
 allow mediaserver qemu_device:chr_file rw_file_perms;
+allow mediaserver tee_device:chr_file rw_file_perms;
+allow mediaserver audio_prop:property_service set;
+
 # XXX Label with a specific type?
 allow mediaserver sysfs:file rw_file_perms;
+
 # XXX Why?
 allow mediaserver apk_data_file:file { read getattr };
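Review bot: In the first hunk (`@@ -2,19 +2,23 @@`), `typeattribute mediaserver mlstrustedsubject;` is hoisted to the top of the domain with no comment, although in this policy family that attribute is normally what exempts a subject from the MLS constraints. Since the file already marks unexplained grants with `# XXX`, I would add a line such as `# XXX Why does mediaserver need to be MLS-trusted? Justify or narrow.` above it. The regrouping also splits sdcard access across two sections: `r_dir_file(mediaserver, sdcard)` now sits above the binder rules while `allow mediaserver sdcard:file write;` stays in the allow block, so an audit of sdcard access has to read both places. Keeping the two adjacent, or adding `# sdcard: read via r_dir_file above` next to the write rule, would serve the refactor better.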
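Review bot: In the second hunk (`@@ -22,8 +26,12 @@`), `allow mediaserver audio_prop:property_service set;` is appended to the run of device-node rules even though it grants a property-set permission, not access to a `chr_file`. Give it its own commented line, for example `# Allow setting audio properties`. The neighbouring `allow mediaserver tee_device:chr_file rw_file_perms;` also arrives without explanation. A one-line comment saying which mediaserver function needs read/write on the TEE device would let a later reviewer decide whether `rw_file_perms` can be narrowed.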
@@ -40,8 +48,6 @@ allow mediaserver camera_calibration_file:file r_file_perms;
 # Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
 allow mediaserver qtaguid_proc:file rw_file_perms;
 allow mediaserver qtaguid_device:chr_file r_file_perms;
+
 # Allow abstract socket connection
 allow mediaserver rild:unix_stream_socket connectto;
-
-allow mediaserver tee_device:chr_file rw_file_perms;
-allow mediaserver audio_prop:property_service set;
-- 
GitLab