Move MediaProvider to its own domain, add new MtpServer permissions
Also move necessary priv_app permissions into MediaProvider domain and
remove MediaProvider specific permissions from priv_app.
The new MtpServer permissions fix the following denials:
avc: denied { write } for comm=6D747020666673206F70656E name="ep0" dev="functionfs" ino=12326 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:functionfs:s0 tclass=file permissive=1
denial from setting property sys.usb.ffs.mtp.ready, context priv_app
Bug: 30976142
Test: Manual, verify permissions are allowed
Change-Id: I4e66c5a8b36be21cdb726b5d00c1ec99c54a4aa4
Showing
- private/mac_permissions.xml 5 additions, 0 deletionsprivate/mac_permissions.xml
- private/mediaprovider.te 1 addition, 0 deletionsprivate/mediaprovider.te
- private/seapp_contexts 1 addition, 0 deletionsprivate/seapp_contexts
- public/file.te 1 addition, 1 deletionpublic/file.te
- public/mediaprovider.te 50 additions, 0 deletionspublic/mediaprovider.te
- public/priv_app.te 0 additions, 7 deletionspublic/priv_app.te
Loading
Please register or sign in to comment