1*e4a36f41SAndroid Build Coastguard Worker### 2*e4a36f41SAndroid Build Coastguard Worker### A domain for android.process.media, which contains both 3*e4a36f41SAndroid Build Coastguard Worker### MediaProvider and DownloadProvider and associated services. 4*e4a36f41SAndroid Build Coastguard Worker### 5*e4a36f41SAndroid Build Coastguard Worker 6*e4a36f41SAndroid Build Coastguard Workertypeattribute mediaprovider coredomain; 7*e4a36f41SAndroid Build Coastguard Workerapp_domain(mediaprovider) 8*e4a36f41SAndroid Build Coastguard Worker 9*e4a36f41SAndroid Build Coastguard Worker# DownloadProvider accesses the network. 10*e4a36f41SAndroid Build Coastguard Workernet_domain(mediaprovider) 11*e4a36f41SAndroid Build Coastguard Worker 12*e4a36f41SAndroid Build Coastguard Worker# DownloadProvider uses /cache. 13*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider cache_file:dir create_dir_perms; 14*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider cache_file:file create_file_perms; 15*e4a36f41SAndroid Build Coastguard Worker# /cache is a symlink to /data/cache on some devices. Allow reading the link. 16*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider cache_file:lnk_file r_file_perms; 17*e4a36f41SAndroid Build Coastguard Worker# mediaprovider searches through /cache looking for orphans 18*e4a36f41SAndroid Build Coastguard Worker# Ignore denials to /cache/recovery and /cache/backup. 19*e4a36f41SAndroid Build Coastguard Workerdontaudit mediaprovider cache_private_backup_file:dir getattr; 20*e4a36f41SAndroid Build Coastguard Workerdontaudit mediaprovider cache_recovery_file:dir getattr; 21*e4a36f41SAndroid Build Coastguard Worker 22*e4a36f41SAndroid Build Coastguard Worker# Access external sdcards through /mnt/media_rw 23*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider { mnt_media_rw_file }:dir search; 24*e4a36f41SAndroid Build Coastguard Worker 25*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider app_api_service:service_manager find; 26*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider audioserver_service:service_manager find; 27*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider cameraserver_service:service_manager find; 28*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider drmserver_service:service_manager find; 29*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider mediaextractor_service:service_manager find; 30*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider mediaserver_service:service_manager find; 31*e4a36f41SAndroid Build Coastguard Worker 32*e4a36f41SAndroid Build Coastguard Worker# Allow MediaProvider to read/write cached ringtones (opened by system). 33*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider ringtone_file:file { getattr read write }; 34*e4a36f41SAndroid Build Coastguard Worker 35*e4a36f41SAndroid Build Coastguard Worker# MtpServer uses /dev/mtp_usb 36*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider mtp_device:chr_file rw_file_perms; 37*e4a36f41SAndroid Build Coastguard Worker 38*e4a36f41SAndroid Build Coastguard Worker# MtpServer uses /dev/usb-ffs/mtp 39*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider functionfs:dir search; 40*e4a36f41SAndroid Build Coastguard Workerallow mediaprovider functionfs:file rw_file_perms; 41*e4a36f41SAndroid Build Coastguard Workerallowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC; 42*e4a36f41SAndroid Build Coastguard Worker 43*e4a36f41SAndroid Build Coastguard Worker# MtpServer sets sys.usb.ffs.mtp.ready 44*e4a36f41SAndroid Build Coastguard Workerget_prop(mediaprovider, ffs_config_prop) 45*e4a36f41SAndroid Build Coastguard Workerset_prop(mediaprovider, ffs_control_prop) 46*e4a36f41SAndroid Build Coastguard Worker 47*e4a36f41SAndroid Build Coastguard Worker# DownloadManager may retrieve DRM status 48*e4a36f41SAndroid Build Coastguard Workerget_prop(mediaprovider, drm_service_config_prop) 49