###
### Apps signed with the media key.
###

type media_app, domain;
app_domain(media_app)
platform_app_domain(media_app)
binder_service(media_app)
# Access the network.
net_domain(media_app)
# Access /dev/mtp_usb.
allow media_app mtp_device:chr_file rw_file_perms;
# Stat /cache/backup
allow media_app cache_backup_file:file getattr;
allow media_app cache_backup_file:dir getattr;
# Create download files.
allow media_app download_file:dir rw_dir_perms;
allow media_app download_file:file create_file_perms;
# Allow platform apps to mark platform app data files as download files
relabelto_domain(media_app)
allow media_app platform_app_data_file:dir relabelfrom;
allow media_app download_file:dir relabelto;

# inherits from platformappdomain.te