Create new mediaprovider_app domain. This is a domain for the MediaProvider mainline module. The MediaProvider process is responsible for managing external storage, and as such should be able to have full read/write access to it. It also hosts a FUSE filesystem that allows other apps to access said storage in a safe way. Finally, it needs to call some ioctl's to set project quota on the lower filesystem correctly. Bug: 141595441 Test: builds, mediaprovider module gets the correct domain Change-Id: I0d705148774a1bbb59c927e267a484cb5c44f548

commit: e3f1d5a314f3a99a088a2e2100485be3e44c0146 [log] [tgz]
author: Martijn Coenen <maco@google.com> Thu Jan 30 16:52:45 2020 +0100
committer: Martijn Coenen <maco@google.com> Tue Feb 04 16:53:18 2020 +0100
tree: 557f9377c48f1d3b6f4b62ca3b5344238e407e50
parent: 2b44078cacf34e2c31ba3df672af90243a5eceed [diff] [blame]
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 677b9e2..f08f516 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te

@@ -6,6 +6,7 @@
   ephemeral_app
   isolated_app
   mediaprovider
+  mediaprovider_app
   untrusted_app
   untrusted_app_25
   untrusted_app_27
@@ -145,8 +146,8 @@
   ')
 }:dir_file_class_set { create unlink };
 
-# No untrusted component should be touching /dev/fuse
-neverallow all_untrusted_apps fuse_device:chr_file *;
+# No untrusted component except mediaprovider_app should be touching /dev/fuse
+neverallow { all_untrusted_apps -mediaprovider_app } fuse_device:chr_file *;
 
 # Do not allow untrusted apps to directly open the tun_device
 neverallow all_untrusted_apps tun_device:chr_file open;
commit	e3f1d5a314f3a99a088a2e2100485be3e44c0146	[log] [tgz]
author	Martijn Coenen <maco@google.com>	Thu Jan 30 16:52:45 2020 +0100
committer	Martijn Coenen <maco@google.com>	Tue Feb 04 16:53:18 2020 +0100
tree	557f9377c48f1d3b6f4b62ca3b5344238e407e50
parent	2b44078cacf34e2c31ba3df672af90243a5eceed [diff] [blame]