diff options
| author | Nick Kralevich <nnk@google.com> | 2015-01-26 15:14:04 -0800 |
|---|---|---|
| committer | Nick Kralevich <nnk@google.com> | 2015-01-26 15:25:03 -0800 |
| commit | bfe4c8ba89aebe0154aeaee6ce65215095fe0840 (patch) | |
| tree | 9ee9578588c0d822c5ee47053e1a300b17cecd35 /radio.te | |
| parent | 5fef2de32079337d99f4515fa3a70cb2faed1305 (diff) | |
| download | android_external_sepolicy-bfe4c8ba89aebe0154aeaee6ce65215095fe0840.tar.gz android_external_sepolicy-bfe4c8ba89aebe0154aeaee6ce65215095fe0840.tar.bz2 android_external_sepolicy-bfe4c8ba89aebe0154aeaee6ce65215095fe0840.zip | |
radio.te: make radio mlstrustedsubject
Messenger can't send MMSes on the master branch. When Messenger sends
an MMS, it stores the message data in local file and publishes it
via a content provider. The URI is passed to the MMS API. The
MmsServiceBroker in system process gets the call and grant URI
permission to phone UID. The MmsService in phone process (and sharing
the phone UID) needs to read the URI to get message data to send.
Addresses the following denial:
type=1400 audit(0.0:32): avc: denied { read } for path="/data/data/com.google.android.apps.messaging/cache/rawmms/5394791820000274558.dat" dev="mmcblk0p28" ino=83180 scontext=u:r:radio:s0 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file
Change-Id: I2b694ff6c516714d3524e0613bae0f6773ed2e95
Diffstat (limited to 'radio.te')
| -rw-r--r-- | radio.te | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1,5 +1,5 @@ # phone subsystem -type radio, domain; +type radio, domain, mlstrustedsubject; app_domain(radio) net_domain(radio) bluetooth_domain(radio) |