Split mediaprovider from priv_app.
MediaProvider requires permissions that diverge from those
of a typical priv_app. This create a new domain and removes
Mtp related permissions from priv_app.
Bug: 33574909
Test: Connect with MTP, download apps and files, select ringtones
Test: DownloadProvider instrument tests, CtsProviderTestCases
Change-Id: I950dc11f21048c34af639cb3ab81873d2a6730a9
diff --git a/public/kernel.te b/public/kernel.te
index 9537c0d..8a010a2 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -50,9 +50,7 @@
allow kernel selinuxfs:file write;
allow kernel self:security setcheckreqprot;
-# MTP sync (b/15835289)
# kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
-allow kernel priv_app:fd use;
allow kernel sdcard_type:file { read write };
# Allow the kernel to read OBB files from app directories. (b/17428116)
diff --git a/public/mediaprovider.te b/public/mediaprovider.te
new file mode 100644
index 0000000..24170a5
--- /dev/null
+++ b/public/mediaprovider.te
@@ -0,0 +1,6 @@
+###
+### A domain for android.process.media, which contains both
+### MediaProvider and DownloadProvider and associated services.
+###
+
+type mediaprovider, domain;