audit untrusted_app access to mtp_device android.process.media moved to priv_app. Add audit rule to test if untrusted_app still requires access or if some/all permissions may be removed. Bug: 25085347 Change-Id: I13bae9c09bd1627b2c06ae84b069778984f9bd5d

commit: 7b8f9f153edf7c8bbefe3d472c86419d8048e5dd [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Mon Oct 19 15:05:07 2015 -0700
committer: Jeffrey Vander Stoep <jeffv@google.com> Fri Oct 23 18:03:01 2015 +0000
tree: 23a40eb8f0052279066301e7cc7f7b73c38b5e9a
parent: 0fc831c3b0b8d9a4e10d0931131a0eed06cd4275 [diff]
diff --git a/untrusted_app.te b/untrusted_app.te
index e68c570..6c21cc5 100644
--- a/untrusted_app.te
+++ b/untrusted_app.te

@@ -60,7 +60,11 @@
 #
 
 # Access /dev/mtp_usb.
+# TODO android.process.media moved to priv_app domain. Does
+# untrusted_app still require these permissions? Can "open"
+# be removed?
 allow untrusted_app mtp_device:chr_file rw_file_perms;
+auditallow untrusted_app mtp_device:chr_file rw_file_perms;
 
 # Access to /data/media.
 allow untrusted_app media_rw_data_file:dir create_dir_perms;
commit	7b8f9f153edf7c8bbefe3d472c86419d8048e5dd	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Mon Oct 19 15:05:07 2015 -0700
committer	Jeffrey Vander Stoep <jeffv@google.com>	Fri Oct 23 18:03:01 2015 +0000
tree	23a40eb8f0052279066301e7cc7f7b73c38b5e9a
parent	0fc831c3b0b8d9a4e10d0931131a0eed06cd4275 [diff]