Allow mediaprovider to search /mnt/media_rw
Mtp needs access to this path in order to
change files on an sdcard.
Fixes denial:
05-14 17:40:58.803 3004 3004 W MtpServer: type=1400 audit(0.0:46):
avc: denied { search } for name="media_rw" dev="tmpfs" ino=10113
scontext=u:r:mediaprovider:s0:c512,c768
tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=0
b/77925342 app=com.android.providers.media
Bug: 77849654
Test: no denials using mtp with emulated sdcard
Change-Id: I27b5294fa211bb1eff6d011638b5fdc90334bc80
diff --git a/prebuilts/api/28.0/private/mediaprovider.te b/prebuilts/api/28.0/private/mediaprovider.te
index fc6ec5a..f5c9f69 100644
--- a/prebuilts/api/28.0/private/mediaprovider.te
+++ b/prebuilts/api/28.0/private/mediaprovider.te
@@ -19,6 +19,8 @@
dontaudit mediaprovider cache_private_backup_file:dir getattr;
dontaudit mediaprovider cache_recovery_file:dir getattr;
+# Access external sdcards through /mnt/media_rw
+allow mediaprovider { mnt_media_rw_file }:dir search;
allow mediaprovider app_api_service:service_manager find;
allow mediaprovider audioserver_service:service_manager find;
diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index fc6ec5a..f5c9f69 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -19,6 +19,8 @@
dontaudit mediaprovider cache_private_backup_file:dir getattr;
dontaudit mediaprovider cache_recovery_file:dir getattr;
+# Access external sdcards through /mnt/media_rw
+allow mediaprovider { mnt_media_rw_file }:dir search;
allow mediaprovider app_api_service:service_manager find;
allow mediaprovider audioserver_service:service_manager find;