Move MediaProvider to its own domain, add new MtpServer permissions Also move necessary priv_app permissions into MediaProvider domain and remove MediaProvider specific permissions from priv_app. The new MtpServer permissions fix the following denials: avc: denied { write } for comm=6D747020666673206F70656E name="ep0" dev="functionfs" ino=12326 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:functionfs:s0 tclass=file permissive=1 denial from setting property sys.usb.ffs.mtp.ready, context priv_app Bug: 30976142 Test: Manual, verify permissions are allowed Change-Id: I4e66c5a8b36be21cdb726b5d00c1ec99c54a4aa4

commit: f921dd9cad64bda6433b52b8c99ea8756819ef1b [log] [tgz]
author: Jerry Zhang <zhangjerry@google.com> Thu Sep 22 11:07:50 2016 -0700
committer: Jerry Zhang <zhangjerry@google.com> Mon Dec 12 11:05:33 2016 -0800
tree: 40fcf6abe88dc4c0bd06db358b00d1ebe9083605
parent: 9f1e2b53fb0fae51c8fc3c4a53b81eb926d9cb14 [diff] [blame]
diff --git a/private/mac_permissions.xml b/private/mac_permissions.xml
index 87efe0e..1fcd2a4 100644
--- a/private/mac_permissions.xml
+++ b/private/mac_permissions.xml

@@ -51,4 +51,9 @@
       <seinfo value="platform" />
     </signer>
 
+    <!-- Media key in AOSP -->
+    <signer signature="@MEDIA" >
+      <seinfo value="media" />
+    </signer>
+
 </policy>
commit	f921dd9cad64bda6433b52b8c99ea8756819ef1b	[log] [tgz]
author	Jerry Zhang <zhangjerry@google.com>	Thu Sep 22 11:07:50 2016 -0700
committer	Jerry Zhang <zhangjerry@google.com>	Mon Dec 12 11:05:33 2016 -0800
tree	40fcf6abe88dc4c0bd06db358b00d1ebe9083605
parent	9f1e2b53fb0fae51c8fc3c4a53b81eb926d9cb14 [diff] [blame]