-
rpcraig authored
/data/mediadrm is appearing on devices but is receiving the system_data_file type. Use the media_data_file label to help classify these files. This new label will help with the following denials. with exisiting allow rules for mediaserver are already in place. type=1400 msg=audit(1389139139.551:308): avc: denied { open } for pid=179 comm="mediaserver" name="ay64.dat" dev="mmcblk0p23" ino=136819 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file type=1400 msg=audit(1389139140.783:309): avc: denied { read } for pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir type=1400 msg=audit(1389139140.783:310): avc: denied { open } for pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir Change-Id: I84ac78517fdbb0264cf07379120a62675505fc95 Signed-off-by:rpcraig <rpcraig@tycho.ncsc.mil>
d362cdf8
file_contexts 8.84 KiB