Allow mediaserver to use app-created pipes.

Resolves denials such as: avc: denied { getattr } for path="pipe:[167684]" dev="pipefs" ino=167684 scontext=u:r:mediaserver:s0 tcontext=u:r:untrusted_app:s0 tclass=fifo_file Change-Id: I1120c8b130a592e40992c5233650345640a23a87 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Allow mediaserver to use app-created pipes.
efc72991 · Stephen Smalley · 02e71525 · efc72991
Commit efc72991 authored 10 years ago by Stephen Smalley
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -44,6 +44,9 @@ allow mediaserver asec_apk_file:file { read getattr };
 # Read /data/data/com.android.providers.telephony files passed over Binder.
 allow mediaserver radio_data_file:file { read getattr };

+# Use pipes passed over Binder from app domains.
+allow mediaserver appdomain:fifo_file { getattr read write };
+
 # Access camera device.
 allow mediaserver camera_device:chr_file rw_file_perms;
 allow mediaserver rpmsg_device:chr_file rw_file_perms;