From bfe4c8ba89aebe0154aeaee6ce65215095fe0840 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 26 Jan 2015 15:14:04 -0800
Subject: [PATCH] radio.te: make radio mlstrustedsubject

Messenger can't send MMSes on the master branch. When Messenger sends
an MMS, it stores the message data in local file and publishes it
via a content provider. The URI is passed to the MMS API. The
MmsServiceBroker in system process gets the call and grant URI
permission to phone UID. The MmsService in phone process (and sharing
the phone UID) needs to read the URI to get message data to send.

Addresses the following denial:

  type=1400 audit(0.0:32): avc: denied { read } for path="/data/data/com.google.android.apps.messaging/cache/rawmms/5394791820000274558.dat" dev="mmcblk0p28" ino=83180 scontext=u:r:radio:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file

Change-Id: I2b694ff6c516714d3524e0613bae0f6773ed2e95
---
 radio.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/radio.te b/radio.te
index f18f46219..a21fd89c1 100644
--- a/radio.te
+++ b/radio.te
@@ -1,5 +1,5 @@
 # phone subsystem
-type radio, domain;
+type radio, domain, mlstrustedsubject;
 app_domain(radio)
 net_domain(radio)
 bluetooth_domain(radio)
-- 
GitLab