Merge "drmserver: audit permissions for /data/app"

commit: 951fc0b0441bb85f5177e096affffe39933578e9 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Wed Dec 09 12:38:06 2020 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Dec 09 12:38:06 2020 +0000
tree: 8ad614a7238fe554fdbec5c3471d26ee66b8b7e3
parent: db87cdf6a82cd097bb8cd1cd6f16c1e634f9ad4b [diff]
parent: 5e6d60a2a5b2a12a677824fd8f41af5885fa565b [diff]
diff --git a/public/drmserver.te b/public/drmserver.te
index e2c6638..a24ad41 100644
--- a/public/drmserver.te
+++ b/public/drmserver.te

@@ -30,7 +30,9 @@
 # /data/app/tlcd_sock socket file.
 # Clearly, /data/app is the most logical place to create a socket.  Not.
 allow drmserver apk_data_file:dir rw_dir_perms;
+auditallow drmserver apk_data_file:dir { add_name write };
 allow drmserver drmserver_socket:sock_file create_file_perms;
+auditallow drmserver drmserver_socket:sock_file create;
 # Delete old socket file if present.
 allow drmserver apk_data_file:sock_file unlink;
commit	951fc0b0441bb85f5177e096affffe39933578e9	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Wed Dec 09 12:38:06 2020 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed Dec 09 12:38:06 2020 +0000
tree	8ad614a7238fe554fdbec5c3471d26ee66b8b7e3
parent	db87cdf6a82cd097bb8cd1cd6f16c1e634f9ad4b [diff]
parent	5e6d60a2a5b2a12a677824fd8f41af5885fa565b [diff]