From 7b8f9f153edf7c8bbefe3d472c86419d8048e5dd Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Mon, 19 Oct 2015 15:05:07 -0700
Subject: [PATCH] audit untrusted_app access to mtp_device

android.process.media moved to priv_app. Add audit rule to test if
untrusted_app still requires access or if some/all permissions may
be removed.

Bug: 25085347
Change-Id: I13bae9c09bd1627b2c06ae84b069778984f9bd5d
---
 untrusted_app.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/untrusted_app.te b/untrusted_app.te
index e68c57013..6c21cc573 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -60,7 +60,11 @@ allow untrusted_app system_app_data_file:file { read write getattr };
 #
 
 # Access /dev/mtp_usb.
+# TODO android.process.media moved to priv_app domain. Does
+# untrusted_app still require these permissions? Can "open"
+# be removed?
 allow untrusted_app mtp_device:chr_file rw_file_perms;
+auditallow untrusted_app mtp_device:chr_file rw_file_perms;
 
 # Access to /data/media.
 allow untrusted_app media_rw_data_file:dir create_dir_perms;
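Review bot: The new `auditallow untrusted_app mtp_device:chr_file rw_file_perms;` line is temporary instrumentation, but the TODO above it does not say so or name the tracking bug, so it could outlive its purpose and keep logging "granted" records. I would extend the comment with something like `# auditallow is temporary (Bug: 25085347); remove it and tighten the allow rule once usage is known.` Because the audit covers the whole `rw_file_perms` set, any remaining legitimate user will probably log every read/write/ioctl, not just `open`. If `open` is the main question, it may help to say in the comment which permissions in the resulting avc lines matter for the decision.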
-- 
GitLab