commit 441bad4f456ab96ac64d10a508d2a42ab8e0b365
author Avijit Kanti Das <avijitnsec@codeaurora.org> Tue May 12 14:07:41 2015 -0700
committer Divya Sharma <c_shard@codeaurora.org> Fri Jun 26 11:13:47 2015 -0700
tree 27078f93e6eaba02eafe4181a3d41f0fa76de27f
parent 11230bb0164cac6c948417d8abc255cd2b2c04f3

Replacing permissions with macros

Replacing all the permissions with macros
Allow all domians except untrusted_app to access diag_device
Restrict untrusted_app to access diag_device

Change-Id: Ibad902746f25a23f10840fae3c0bac65b2ff74e0

common/mediaserver.te

diff --git a/common/mediaserver.te b/common/mediaserver.te
index 2bdff6b..a651425 100644
--- a/common/mediaserver.te
+++ b/common/mediaserver.te
@@ -12,14 +12,16 @@
 binder_call(mediaserver, rild)
 
 qmux_socket(mediaserver)
-allow mediaserver camera_data_file:sock_file write;
+allow mediaserver camera_data_file:sock_file w_file_perms;
+
 userdebug_or_eng(`
   allow mediaserver camera_data_file:dir rw_dir_perms;
   allow mediaserver camera_data_file:file create_file_perms;
+  # Access to audio
+  allow mediaserver debugfs:file rw_file_perms;
 ')
 
-allow mediaserver sysfs_esoc:dir r_dir_perms;
-allow mediaserver sysfs_esoc:lnk_file read;
+r_dir_file(mediaserver, sysfs_esoc)
 allow mediaserver system_app_data_file:file rw_file_perms;
 
 # allow mediaserver to write DTS files
@@ -46,7 +48,8 @@
 allow mediaserver audio_data_file:sock_file { create setattr unlink };
 allow mediaserver audio_data_file:dir remove_name;
 
-#access to audio
-userdebug_or_eng('
-allow mediaserver debugfs:file rw_file_perms;
-')
+#Allow mediaserver to set camera  properties
+allow mediaserver camera_prop:property_service set;
+
+#allow mediaserver to access wfdservice
+binder_call(mediaserver, wfdservice)