From a73f58aee166047412213df3c3a0c8b91864cfcb Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 17 Oct 2018 10:13:25 -0700
Subject: [PATCH] mediaprovider: add functionfs ioctl

Addresses the following denial:

type=1400 audit(0.0:51894): avc: denied { ioctl } for comm="MtpServer" path="/dev/usb-ffs/mtp/ep1" dev="functionfs" ino=30291 ioctlcmd=0x6782 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:functionfs:s0 tclass=file permissive=0 app=com.android.providers.media

Test: policy compiles.
Change-Id: I5290abb2848e5824669dae4cea829d4cbea98ab4
---
 private/mediaprovider.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index f5c9f690e..249fee179 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -37,6 +37,7 @@ allow mediaprovider mtp_device:chr_file rw_file_perms;
 # MtpServer uses /dev/usb-ffs/mtp
 allow mediaprovider functionfs:dir search;
 allow mediaprovider functionfs:file rw_file_perms;
+allowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
 
 # MtpServer sets sys.usb.ffs.mtp.ready
 set_prop(mediaprovider, ffs_prop)
-- 
GitLab