PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add media services to ephemeral_app

Browse Source 
Test: denials go away
Change-Id: I103cf3ad8d86b461bcba8edce02f6202fd2bcbe8
This commit is contained in:
Chad Brubaker 2017-03-29 14:53:09 -07:00
parent e3531f6397
commit b93f04945a
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
private/ephemeral_app.te
View File

@ -20,6 +20,13 @@ app_domain(ephemeral_app)
allow ephemeral_app { sdcard_type media_rw_data_file }:file {read write getattr ioctl lock append};
# services
allow ephemeral_app audioserver_service:service_manager find;
allow ephemeral_app cameraserver_service:service_manager find;
allow ephemeral_app mediaserver_service:service_manager find;
allow ephemeral_app mediaextractor_service:service_manager find;
allow ephemeral_app mediacodec_service:service_manager find;
allow ephemeral_app mediametrics_service:service_manager find;
allow ephemeral_app mediacasserver_service:service_manager find;
allow ephemeral_app surfaceflinger_service:service_manager find;
allow ephemeral_app radio_service:service_manager find;
allow ephemeral_app ephemeral_app_api_service:service_manager find;

3
private/untrusted_app_all.te
View File

@ -1,7 +1,8 @@
###
### Untrusted_app_all.
###
### This file defines the rules shared by all untrusted app domains.
### This file defines the rules shared by all untrusted app domains except
### ephemeral apps.
### Apps are labeled based on mac_permissions.xml (maps signer and
### optionally package name to seinfo value) and seapp_contexts (maps UID
### and optionally seinfo value to domain for process and type for data