From 52da39d9a421dbcf5eec99cb10f23c7dd0cd93cb Mon Sep 17 00:00:00 2001
From: Jeff Sharkey <jsharkey@android.com>
Date: Tue, 13 Dec 2016 09:19:38 -0700
Subject: [PATCH] Partially revert "mediaprovider" SELinux domain.

The new domain wasn't fully tested, and it caused many regressions
on the daily build.  Revert back to using "priv_app" domain until we
can fully test and re-land the new domain.

Temporarily add the USB functionfs capabilities to priv_app domain
to keep remainder of MtpService changes working; 33574909 is tracking
removing that from the priv_app domain.

Test: builds, boots, verified UI and downloads
Bug: 33569176, 33568261, 33574909
Change-Id: I1bd0561d52870df0fe488e59ae8307b89978a9cb
---
 private/mediaprovider.te |  1 -
 private/seapp_contexts   |  1 -
 public/mediaprovider.te  | 50 ----------------------------------------
 public/priv_app.te       | 14 +++++++++++
 4 files changed, 14 insertions(+), 52 deletions(-)
 delete mode 100644 private/mediaprovider.te
 delete mode 100644 public/mediaprovider.te

diff --git a/private/mediaprovider.te b/private/mediaprovider.te
deleted file mode 100644
index a0ac0294f..000000000
--- a/private/mediaprovider.te
+++ /dev/null
@@ -1 +0,0 @@
-app_domain(mediaprovider)
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 128900180..6349a97f9 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -93,7 +93,6 @@ user=radio seinfo=platform domain=radio type=radio_data_file
 user=shared_relro domain=shared_relro
 user=shell seinfo=platform domain=shell type=shell_data_file
 user=_isolated domain=isolated_app levelFrom=user
-user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
 user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
 user=_app isEphemeralApp=true domain=ephemeral_app type=ephemeral_data_file levelFrom=all
 user=_app isPrivApp=true domain=priv_app type=app_data_file levelFrom=user
diff --git a/public/mediaprovider.te b/public/mediaprovider.te
deleted file mode 100644
index f34410bcb..000000000
--- a/public/mediaprovider.te
+++ /dev/null
@@ -1,50 +0,0 @@
-type mediaprovider, domain;
-
-# MtpServer uses /dev/mtp_usb
-allow mediaprovider mtp_device:chr_file rw_file_perms;
-
-# MtpServer uses /dev/usb-ffs/mtp
-allow mediaprovider functionfs:dir search;
-allow mediaprovider functionfs:file rw_file_perms;
-
-# MtpServer sets sys.usb.ffs.mtp.ready
-set_prop(mediaprovider, ffs_prop)
-
-allow mediaprovider mediacodec_service:service_manager find;
-allow mediaprovider mediadrmserver_service:service_manager find;
-allow mediaprovider mediaextractor_service:service_manager find;
-allow mediaprovider mediaserver_service:service_manager find;
-allow mediaprovider app_api_service:service_manager find;
-allow mediaprovider system_api_service:service_manager find;
-
-# /sys and /proc access
-r_dir_file(mediaprovider, sysfs_type)
-r_dir_file(mediaprovider, proc)
-r_dir_file(mediaprovider, rootfs)
-
-# Access to /data/preloads
-allow mediaprovider preloads_data_file:file r_file_perms;
-
-###
-### neverallow rules (see corresponding rules in priv_app)
-###
-
-# Receive or send uevent messages.
-neverallow mediaprovider domain:netlink_kobject_uevent_socket *;
-
-# Receive or send generic netlink messages
-neverallow mediaprovider domain:netlink_socket *;
-
-# Too much leaky information in debugfs. It's a security
-# best practice to ensure these files aren't readable.
-neverallow mediaprovider debugfs:file read;
-
-# Only trusted components of Android should be registering
-# services.
-neverallow mediaprovider service_manager_type:service_manager add;
-
-# Do not allow mediaprovider to be assigned mlstrustedsubject.
-neverallow mediaprovider mlstrustedsubject:process fork;
-
-# Do not allow mediaprovider to hard link to any files.
-neverallow mediaprovider file_type:file link;
diff --git a/public/priv_app.te b/public/priv_app.te
index 2f2bfab20..5f9889f6f 100644
--- a/public/priv_app.te
+++ b/public/priv_app.te
@@ -89,6 +89,20 @@ allow priv_app ringtone_file:file { getattr read write };
 allow priv_app preloads_data_file:file r_file_perms;
 allow priv_app preloads_data_file:dir r_dir_perms;
 
+# TODO: revert this as part of fixing 33574909
+# android.process.media uses /dev/mtp_usb
+allow priv_app mtp_device:chr_file rw_file_perms;
+
+# TODO: revert this as part of fixing 33574909
+# MtpServer uses /dev/usb-ffs/mtp
+allow priv_app functionfs:dir search;
+allow priv_app functionfs:file rw_file_perms;
+
+# TODO: revert this as part of fixing 33574909
+# Traverse into /mnt/media_rw for bypassing FUSE daemon
+# TODO: narrow this to just MediaProvider
+allow priv_app mnt_media_rw_file:dir search;
+
 ###
 ### neverallow rules
 ###
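Review bot: The three TODO blocks added to priv_app do not carry over `set_prop(mediaprovider, ffs_prop)` from the deleted public/mediaprovider.te. Unless priv_app already holds that permission elsewhere in the file (not visible in this hunk), MtpServer running as priv_app would presumably be denied when it sets sys.usb.ffs.mtp.ready. Separately, the `mnt_media_rw_file:dir search` grant has no counterpart in the removed mediaprovider rules, so its comment should state where the requirement comes from rather than reuse the 33574909 revert note. Because `isPrivApp=true` maps every privileged app to this domain, all of them now get read/write on `mtp_device` and `functionfs`. Consider adding `auditallow priv_app functionfs:file rw_file_perms;` and `auditallow priv_app mtp_device:chr_file rw_file_perms;` next to the temporary grants, so the logs show whether anything other than android.process.media uses them before the dedicated domain is re-landed.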
-- 
GitLab