From ba745673aaab935b63234d3ad4a870599e31db70 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Thu, 6 Mar 2014 15:00:59 -0500
Subject: [PATCH] Allow mediaserver to connect to tee service.

Resolves denials such as:

avc:  denied  { connectto } for  pid=7028 comm="wfd_looper" path=006D636461656D6F6E scontext=u:r:mediaserver:s0 tcontext=u:r:tee:s0 tclass=unix_stream_socket

This is a socket in the abstract namespace so no socket file is involved.

Change-Id: Ia0e384c08063466cfd0f17af3bccf294c7f9dbbd
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 mediaserver.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mediaserver.te b/mediaserver.te
index ad291b088..1019fc729 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -69,3 +69,6 @@ unix_socket_connect(mediaserver, drmserver, drmserver)
 # Needed on some devices for playing audio on paired BT device,
 # but seems appropriate for all devices.
 unix_socket_connect(mediaserver, bluetooth, bluetooth)
+
+# Connect to tee service.
+allow mediaserver tee:unix_stream_socket connectto;
-- 
GitLab