Skip to content
Snippets Groups Projects
Commit 7b8f9f15 authored by Jeff Vander Stoep's avatar Jeff Vander Stoep Committed by Jeffrey Vander Stoep
Browse files

audit untrusted_app access to mtp_device 

android.process.media moved to priv_app. Add audit rule to test if
untrusted_app still requires access or if some/all permissions may
be removed.

Bug: 25085347
Change-Id: I13bae9c09bd1627b2c06ae84b069778984f9bd5d
parent 0fc831c3
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 0 deletions
untrusted_app.te
+ 4
0
View file @ 7b8f9f15
...@@ -60,7 +60,11 @@ allow untrusted_app system_app_data_file:file { read write getattr }; ...@@ -60,7 +60,11 @@ allow untrusted_app system_app_data_file:file { read write getattr };
# #
# Access /dev/mtp_usb. # Access /dev/mtp_usb.
# TODO android.process.media moved to priv_app domain. Does
# untrusted_app still require these permissions? Can "open"
# be removed?
allow untrusted_app mtp_device:chr_file rw_file_perms; allow untrusted_app mtp_device:chr_file rw_file_perms;
auditallow untrusted_app mtp_device:chr_file rw_file_perms;
# Access to /data/media. # Access to /data/media.
allow untrusted_app media_rw_data_file:dir create_dir_perms; allow untrusted_app media_rw_data_file:dir create_dir_perms;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment