From d362cdf8d99ce6c4e4b3815683f54a253da6adba Mon Sep 17 00:00:00 2001
From: rpcraig <robertpcraig@gmail.com>
Date: Tue, 7 Jan 2014 21:53:01 -0500
Subject: [PATCH] Apply a label to /data/mediadrm files.

/data/mediadrm is appearing on devices but is
receiving the system_data_file type. Use the
media_data_file label to help classify these files.
This new label will help with the following denials.
with exisiting allow rules for mediaserver are already
in place.

type=1400 msg=audit(1389139139.551:308): avc:  denied  { open } for  pid=179 comm="mediaserver" name="ay64.dat" dev="mmcblk0p23" ino=136819 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 msg=audit(1389139140.783:309): avc:  denied  { read } for  pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
type=1400 msg=audit(1389139140.783:310): avc:  denied  { open } for  pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir

Change-Id: I84ac78517fdbb0264cf07379120a62675505fc95
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
---
 file_contexts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/file_contexts b/file_contexts
index f1c306b90..42b783fd2 100644
--- a/file_contexts
+++ b/file_contexts
@@ -168,6 +168,7 @@
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
 /data/media(/.*)?	u:object_r:media_rw_data_file:s0
+/data/mediadrm(/.*)?	u:object_r:media_data_file:s0
 
 # Misc data
 /data/misc/adb(/.*)?            u:object_r:adb_keys_file:s0
-- 
GitLab