audit untrusted_app access to mtp_device

android.process.media moved to priv_app. Add audit rule to test if untrusted_app still requires access or if some/all permissions may be removed. Bug: 25085347 Change-Id: I13bae9c09bd1627b2c06ae84b069778984f9bd5d
2015-10-19 15:05:07 -07:00 · 2015-10-19 15:05:07 -07:00 · 7b8f9f153e
commit 7b8f9f153e
parent 0fc831c3b0
1 changed files with 4 additions and 0 deletions
--- a/untrusted_app.te
+++ b/untrusted_app.te
@ -60,7 +60,11 @@ allow untrusted_app system_app_data_file:file { read write getattr };
 #

 # Access /dev/mtp_usb.
+# TODO android.process.media moved to priv_app domain. Does
+# untrusted_app still require these permissions? Can "open"
+# be removed?
 allow untrusted_app mtp_device:chr_file rw_file_perms;
+auditallow untrusted_app mtp_device:chr_file rw_file_perms;

 # Access to /data/media.
 allow untrusted_app media_rw_data_file:dir create_dir_perms;