Platform app domain sdcard accesses

7585fc64 · Haiqing Jiang · Stephen Smalley · b9760aa0 · 7585fc64
Commit 7585fc64 authored 12 years ago by Haiqing Jiang Committed by Stephen Smalley 12 years ago
--- a/app.te
+++ b/app.te
@@ -22,9 +22,6 @@ allow platform_app cache_file:file create_file_perms;
 allow platform_app shell_data_file:dir search;
 allow platform_app shell_data_file:file { open getattr read };
 allow platform_app shell_data_file:lnk_file read;
-# Access the sdcard.
-allow platform_app sdcard:dir create_dir_perms;
-allow platform_app sdcard:file create_file_perms;
 # Populate /data/app/vmdl*.tmp file created by system server.
 allow platform_app apk_tmp_file:file rw_file_perms;
@@ -41,9 +38,6 @@ allow media_app mtp_device:chr_file rw_file_perms;
 # Write to /cache.
 allow media_app cache_file:dir rw_dir_perms;
 allow media_app cache_file:file create_file_perms;
-# Access sdcard.
-allow media_app sdcard:dir create_dir_perms;
-allow media_app sdcard:file create_file_perms;
 # Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
 allow media_app qtaguid_proc:file rw_file_perms;
 allow media_app qtaguid_device:chr_file r_file_perms;
@@ -86,6 +80,9 @@ net_domain(browser_app)
 # App sandbox file accesses.
 allow platformappdomain platform_app_data_file:dir create_dir_perms;
 allow platformappdomain platform_app_data_file:notdevfile_class_set create_file_perms;
+# App sdcard file accesses
+allow platformappdomain sdcard:dir create_dir_perms;
+allow platformappdomain sdcard:file create_file_perms;
 #
 # Untrusted apps.