Label persist audio properties
label all persist.audio.* properties
and allow mediaserver access to them.
Change-Id: If5755d9783dce298e66a25bcb7f17ff17bd83ea7
diff --git a/mediaserver.te b/mediaserver.te
index 4b299a0..0181e29 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -3,6 +3,7 @@
type mediaserver_exec, exec_type, file_type;
init_daemon_domain(mediaserver)
+unix_socket_connect(mediaserver, property, init)
net_domain(mediaserver)
typeattribute mediaserver mlstrustedsubject;
allow mediaserver kernel:system module_request;
@@ -43,3 +44,4 @@
allow mediaserver rild:unix_stream_socket connectto;
allow mediaserver tee_device:chr_file rw_file_perms;
+allow mediaserver audio_prop:property_service set;
diff --git a/property.te b/property.te
index b62004e..ed84c64 100644
--- a/property.te
+++ b/property.te
@@ -7,3 +7,4 @@
type ctl_default_prop, property_type;
type ctl_dumpstate_prop, property_type;
type ctl_rildaemon_prop, property_type;
+type audio_prop, property_type;
diff --git a/property_contexts b/property_contexts
index a08ae80..d86bcb6 100644
--- a/property_contexts
+++ b/property_contexts
@@ -29,6 +29,7 @@
service.adb.root u:object_r:shell_prop:s0
service.adb.tcp.port u:object_r:shell_prop:s0
+persist.audio. u:object_r:audio_prop:s0
persist.sys. u:object_r:system_prop:s0
persist.service. u:object_r:system_prop:s0
persist.security. u:object_r:system_prop:s0
