Skip to content
Snippets Groups Projects
Commit 6c451da4 authored by dcashman's avatar dcashman
Browse files

Remove mediaserver sysfs write permissions. 

Mediaserver no longer appears, and maybe never did, need write
permission to sysfs files.
commit: 1de9c492 added auditing to
make sure this is the case, and such access has not been observed.
Remove the permissions and the associated auditallow rule to further
confine the mediaserver sandbox.

Bug: 22827371
Change-Id: I44ca1521b9791db027300aa84e54c074845aa735
parent 483fd267
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 2 deletions
mediaserver.te
+ 1
2
View file @ 6c451da4
......@@ -35,8 +35,7 @@ set_prop(mediaserver, audio_prop)
allow mediaserver audio_device:chr_file rw_file_perms;
# XXX Label with a specific type?
allow mediaserver sysfs:file rw_file_perms;
auditallow mediaserver sysfs:file { write append };
allow mediaserver sysfs:file r_file_perms;
# Read resources from open apk files passed over Binder.
allow mediaserver apk_data_file:file { read getattr };
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment