Hi,
On a Kernel 4.4.x + Android O MR1 setup, I get below SELinux denials whenever a
media file is played from emulated internal storage.
There is no break in functionality, Audio/Video files continue to play.
[ 76.118051] type=1400 audit(1526017556.089:131): avc: denied { read } for
pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3"
dev="fuse" ino=11 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:fuse:s0
tclass=file permissive=0
[ 76.201339] type=1400 audit(1526017556.089:131): avc: denied { read } for
pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3"
dev="fuse" ino=11 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:fuse:s0
tclass=file permissive=0
[ 76.227933] type=1400 audit(1526017556.169:132): avc: denied { accept } for
pid=192 comm="android.hardwar" lport=33452 scontext=u:r:hal_vehicle_default:s0
tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=0
Is it OK to add below rule for this?
allow mediaextractor fuse:file read;
[or]
Should the folders /storage/emulated/* be labeled as media_rw_data_file,
Similar to /data/media?
/data/media(/.*)? u:object_r:media_rw_data_file:s0
