mediaserver: grant perms from domain_deprecated

In preparation of removing permissions from domain_deprecated. Addresses: avc: denied { getattr } for path="/proc/self" dev="proc" ino=4026531841 scontext=u:r:mediaserver:s0 tcontext=u:object_r:proc:s0 tclass=lnk_file permissive=1 avc: denied { read } for name="mediadrm" dev="mmcblk0p24" ino=209 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=1 avc: denied { open } for path="/vendor/lib/mediadrm" dev="mmcblk0p24" ino=209 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=1 Change-Id: Ibffa0c9a31316b9a2f1912ae68a8dcd3a4e671b7

mediaserver: grant perms from domain_deprecated
In preparation of removing permissions from domain_deprecated. Addresses: avc: denied { getattr } for path="/proc/self" dev="proc" ino=4026531841 scontext=u:r:mediaserver:s0 tcontext=u:object_r:proc:s0 tclass=lnk_file permissive=1 avc: denied { read } for name="mediadrm" dev="mmcblk0p24" ino=209 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=1 avc: denied { open } for path="/vendor/lib/mediadrm" dev="mmcblk0p24" ino=209 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=1 Change-Id: Ibffa0c9a31316b9a2f1912ae68a8dcd3a4e671b7
72e78bfc · Jeff Vander Stoep · cdae042a · 72e78bfc
Commit 72e78bfc authored 9 years ago by Jeff Vander Stoep
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -9,6 +9,12 @@ init_daemon_domain(mediaserver)

 r_dir_file(mediaserver, sdcard_type)

+# stat /proc/self
+allow mediaserver proc:lnk_file getattr;
+
+# open /vendor/lib/mediadrm
+allow mediaserver system_file:dir r_dir_perms;
+
 binder_use(mediaserver)
 binder_call(mediaserver, binderservicedomain)
 binder_call(mediaserver, appdomain)