commit e9c2de0679f16a8ba7291aaf2cd4286bef8b2886
author Clark Scheff <clark@cyngn.com> Mon Jan 05 15:30:16 2015 -0800
committer Gerrit Code Review <gerrit@cyanogenmod.org> Wed Jan 14 15:55:41 2015 +0000
tree 5506f0688f2eee7148d856a32fab3a0a53d42626
parent afbfad59d6321e41c4ef6ef1a19f8ad25c3a7359

sepolicy: Apps need to read themed resources

Assets such as composed icons and ringtones need to be accessed
by apps.  This patch adds the policy needed to facilitate this.

Change-Id: If47920b2cc5dbafe8d71a621782bb4a3351bd68c

sepolicy/app.te

diff --git a/sepolicy/app.te b/sepolicy/app.te
new file mode 100644
index 0000000..761eb5f
--- /dev/null
+++ b/sepolicy/app.te
@@ -0,0 +1,3 @@
+# Themed resources (i.e. composed icons)
+allow appdomain theme_data_file:dir r_dir_perms;
+allow appdomain theme_data_file:file r_file_perms;

sepolicy/bootanim.te

diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te
new file mode 100644
index 0000000..164231b
--- /dev/null
+++ b/sepolicy/bootanim.te
@@ -0,0 +1,3 @@
+# Themed resources (bootanimation)
+allow bootanim theme_data_file:dir search;
+allow bootanim theme_data_file:file r_file_perms;

sepolicy/mediaserver.te

diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
new file mode 100644
index 0000000..ea26cdf
--- /dev/null
+++ b/sepolicy/mediaserver.te
@@ -0,0 +1,3 @@
+# Themed resources (i.e. composed icons)
+allow mediaserver theme_data_file:dir r_dir_perms;
+allow mediaserver theme_data_file:file r_file_perms;

sepolicy/sepolicy.mk

diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index d916a04..2f3978f 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -13,8 +13,10 @@
     property_contexts \
     seapp_contexts \
     service_contexts \
-    auditd.te \
     adbd.te \
+    app.te \
+    auditd.te \
+    bootanim.te \
     healthd.te \
     hostapd.te \
     installd.te \
@@ -28,4 +30,5 @@
     system_app.te \
     ueventd.te \
     vold.te \
+    zygote.te \
     mac_permissions.xml

sepolicy/zygote.te

diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
new file mode 100644
index 0000000..8bee8fe
--- /dev/null
+++ b/sepolicy/zygote.te
@@ -0,0 +1,3 @@
+allow zygote theme_data_file:file r_file_perms;
+allow zygote theme_data_file:dir r_dir_perms;
+