am aeb3eb7c: resolved conflicts for merge of dfee702c to klp-modular-dev-plus-aosp

* commit 'aeb3eb7c': DO NOT MERGE: Address system_server denials.

am aeb3eb7c: resolved conflicts for merge of dfee702c to klp-modular-dev-plus-aosp
* commit 'aeb3eb7c': DO NOT MERGE: Address system_server denials.
05e22631 · Nick Kralevich · Android Git Automerger · fc00a2b8 · aeb3eb7c · 05e22631
Commit 05e22631 authored 10 years ago by Nick Kralevich Committed by Android Git Automerger 10 years ago
--- a/system_server.te
+++ b/system_server.te
@@ -67,6 +67,9 @@ allow system_server self:netlink_kobject_uevent_socket create_socket_perms;
 # Use generic netlink sockets.
 allow system_server self:netlink_socket create_socket_perms;
+# Use generic netlink sockets.
+allow system_server self:netlink_socket create_socket_perms;
 # Kill apps.
 allow system_server appdomain:process { sigkill signal };
@@ -138,6 +141,10 @@ r_dir_file(system_server, inputflinger)
 allow system_server mediaserver:tcp_socket rw_socket_perms;
 allow system_server mediaserver:udp_socket rw_socket_perms;
+# Use sockets received over binder from various services.
+allow system_server mediaserver:tcp_socket rw_socket_perms;
+allow system_server mediaserver:udp_socket rw_socket_perms;
 # Check SELinux permissions.
 selinux_check_access(system_server)
@@ -241,6 +248,9 @@ allow system_server cache_backup_file:file { relabelto relabelfrom };
 # LocalTransport creates and relabels /cache/backup
 allow system_server cache_backup_file:dir { relabelto relabelfrom create_dir_perms };
+# Access SDcard files passed via binder or sockets.
+allow system_server sdcard_type:file { read write getattr };
 # Allow system to talk to usb device
 allow system_server usb_device:chr_file rw_file_perms;
 allow system_server usb_device:dir r_dir_perms;