diff options
Diffstat (limited to 'drmserver.te')
| -rw-r--r-- | drmserver.te | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/drmserver.te b/drmserver.te deleted file mode 100644 index 3b654cc..0000000 --- a/drmserver.te +++ /dev/null @@ -1,55 +0,0 @@ -# drmserver - DRM service -type drmserver, domain, domain_deprecated; -type drmserver_exec, exec_type, file_type; - -init_daemon_domain(drmserver) -typeattribute drmserver mlstrustedsubject; - -net_domain(drmserver) - -# Perform Binder IPC to system server. -binder_use(drmserver) -binder_call(drmserver, system_server) -binder_call(drmserver, appdomain) -binder_service(drmserver) - -# Perform Binder IPC to mediaserver -binder_call(drmserver, mediaserver) - -allow drmserver sdcard_type:dir search; -allow drmserver drm_data_file:dir create_dir_perms; -allow drmserver drm_data_file:file create_file_perms; -allow drmserver tee_device:chr_file rw_file_perms; -allow drmserver app_data_file:file { read write getattr }; -allow drmserver sdcard_type:file { read write getattr }; -r_dir_file(drmserver, efs_file) - -type drmserver_socket, file_type; - -# /data/app/tlcd_sock socket file. -# Clearly, /data/app is the most logical place to create a socket. Not. -allow drmserver apk_data_file:dir rw_dir_perms; -type_transition drmserver apk_data_file:sock_file drmserver_socket; -allow drmserver drmserver_socket:sock_file create_file_perms; -allow drmserver tee:unix_stream_socket connectto; -# Delete old socket file if present. -allow drmserver apk_data_file:sock_file unlink; - -# After taking a video, drmserver looks at the video file. -r_dir_file(drmserver, media_rw_data_file) - -# Read resources from open apk files passed over Binder. -allow drmserver apk_data_file:file { read getattr }; -allow drmserver asec_apk_file:file { read getattr }; - -# Read /data/data/com.android.providers.telephony files passed over Binder. -allow drmserver radio_data_file:file { read getattr }; - -# /oem access -allow drmserver oemfs:dir search; -allow drmserver oemfs:file r_file_perms; - -allow drmserver drmserver_service:service_manager { add find }; -allow drmserver permission_service:service_manager find; - -selinux_check_access(drmserver) |