Skip to content
Snippets Groups Projects
Commit ae2a35c6 authored by Nick Kralevich's avatar Nick Kralevich Committed by Gerrit Code Review
Browse files

Merge "Label /data/media with its own type and allow access."

parents c4d7c0d7 e13fabd7
No related branches found
No related tags found
No related merge requests found
...@@ -60,6 +60,7 @@ type bluetooth_data_file, file_type, data_file_type; ...@@ -60,6 +60,7 @@ type bluetooth_data_file, file_type, data_file_type;
type camera_data_file, file_type, data_file_type; type camera_data_file, file_type, data_file_type;
type keystore_data_file, file_type, data_file_type; type keystore_data_file, file_type, data_file_type;
type media_data_file, file_type, data_file_type; type media_data_file, file_type, data_file_type;
type media_rw_data_file, file_type, data_file_type;
type nfc_data_file, file_type, data_file_type; type nfc_data_file, file_type, data_file_type;
type radio_data_file, file_type, data_file_type; type radio_data_file, file_type, data_file_type;
type systemkeys_data_file, file_type, data_file_type; type systemkeys_data_file, file_type, data_file_type;
......
...@@ -170,6 +170,7 @@ ...@@ -170,6 +170,7 @@
/data/app-private/vmdl.*\.tmp u:object_r:apk_private_tmp_file:s0 /data/app-private/vmdl.*\.tmp u:object_r:apk_private_tmp_file:s0
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0 /data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0 /data/local/tmp(/.*)? u:object_r:shell_data_file:s0
/data/media(/.*)? u:object_r:media_rw_data_file:s0
# Misc data # Misc data
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0 /data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
......
...@@ -39,3 +39,6 @@ allow platformappdomain platform_app_data_file:notdevfile_class_set create_file_ ...@@ -39,3 +39,6 @@ allow platformappdomain platform_app_data_file:notdevfile_class_set create_file_
# App sdcard file accesses # App sdcard file accesses
allow platformappdomain sdcard_type:dir create_dir_perms; allow platformappdomain sdcard_type:dir create_dir_perms;
allow platformappdomain sdcard_type:file create_file_perms; allow platformappdomain sdcard_type:file create_file_perms;
# Access to /data/media.
allow platformappdomain media_rw_data_file:dir create_dir_perms;
allow platformappdomain media_rw_data_file:file create_file_perms;
...@@ -3,3 +3,7 @@ type sdcardd_exec, exec_type, file_type; ...@@ -3,3 +3,7 @@ type sdcardd_exec, exec_type, file_type;
init_daemon_domain(sdcardd) init_daemon_domain(sdcardd)
unconfined_domain(sdcardd) unconfined_domain(sdcardd)
type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
allow sdcardd media_rw_data_file:dir create_dir_perms;
allow sdcardd media_rw_data_file:file create_file_perms;
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment