Merge "Allow access to media_rw_data_file for now." into nyc-dev

adbd.te

@@ -102,5 +102,7 @@ allow adbd mnt_user_file:dir r_dir_perms;
 allow adbd mnt_user_file:lnk_file r_file_perms;
 
 # Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
 allow adbd media_rw_data_file:dir create_dir_perms;
 allow adbd media_rw_data_file:file create_file_perms;

kernel.te

@@ -65,6 +65,12 @@ allow kernel asec_image_file:file read;
 
 domain_auto_trans(kernel, init_exec, init)
 
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow kernel media_rw_data_file:dir create_dir_perms;
+allow kernel media_rw_data_file:file create_file_perms;
+
 ###
 ### neverallow rules
 ###

mediaserver.te

@@ -124,6 +124,12 @@ allow mediaserver drmserver:drmservice {
 allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket }
   ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
 
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow mediaserver media_rw_data_file:dir create_dir_perms;
+allow mediaserver media_rw_data_file:file create_file_perms;
+
 ###
 ### neverallow rules
 ###

shell.te

@@ -123,6 +123,8 @@ allow shell sysfs:dir r_dir_perms;
 allow shell ion_device:chr_file rw_file_perms;
 
 # Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
 allow shell media_rw_data_file:dir create_dir_perms;
 allow shell media_rw_data_file:file create_file_perms;