1 ### 2 ### A domain for android.process.media, which contains both 3 ### MediaProvider and DownloadProvider and associated services. 4 ### 5 6 typeattribute mediaprovider coredomain; 7 app_domain(mediaprovider) 8 9 # DownloadProvider accesses the network. 10 net_domain(mediaprovider) 11 12 # DownloadProvider uses /cache. 13 allow mediaprovider cache_file:dir create_dir_perms; 14 allow mediaprovider cache_file:file create_file_perms; 15 # /cache is a symlink to /data/cache on some devices. Allow reading the link. 16 allow mediaprovider cache_file:lnk_file r_file_perms; 17 # mediaprovider searches through /cache looking for orphans 18 # Ignore denials to /cache/recovery and /cache/backup. 19 dontaudit mediaprovider cache_private_backup_file:dir getattr; 20 dontaudit mediaprovider cache_recovery_file:dir getattr; 21 22 # Access external sdcards through /mnt/media_rw 23 allow mediaprovider { mnt_media_rw_file }:dir search; 24 25 allow mediaprovider app_api_service:service_manager find; 26 allow mediaprovider audioserver_service:service_manager find; 27 allow mediaprovider drmserver_service:service_manager find; 28 allow mediaprovider mediaextractor_service:service_manager find; 29 allow mediaprovider mediaserver_service:service_manager find; 30 31 # Allow MediaProvider to read/write cached ringtones (opened by system). 32 allow mediaprovider ringtone_file:file { getattr read write }; 33 34 # MtpServer uses /dev/mtp_usb 35 allow mediaprovider mtp_device:chr_file rw_file_perms; 36 37 # MtpServer uses /dev/usb-ffs/mtp 38 allow mediaprovider functionfs:dir search; 39 allow mediaprovider functionfs:file rw_file_perms; 40 41 # MtpServer sets sys.usb.ffs.mtp.ready 42 set_prop(mediaprovider, ffs_prop) 43 set_prop(mediaprovider, exported_ffs_prop) 44
