Merge "Device: change system_app.te for FileListManager and add droidmount binder servic[5/5]" into o-amlogic

2 files changed, 4 insertions, 1 deletions

diff --git a/common/sepolicy/service_contexts b/common/sepolicy/service_contexts
index 6c43c88..9617d41 100644
--- a/common/sepolicy/service_contexts
+++ b/common/sepolicy/service_contexts
@@ -7,3 +7,4 @@ tvservice                                   u:object_r:tvserver_service:s0
 media.screenmediasource                     u:object_r:screenmediasource_service:s0
 tee_supplicant                              u:object_r:tee_service:s0
 tv_remote                                   u:object_r:tv_remote_service:s0
+droidmount                                  u:object_r:mount_service:s0
diff --git a/common/sepolicy/system_app.te b/common/sepolicy/system_app.te
index d48a6ec..c24b45c 100644
--- a/common/sepolicy/system_app.te
+++ b/common/sepolicy/system_app.te
@@ -24,7 +24,7 @@ allow system_app unlabeled:file { lock open read write getattr };
 
 # /cache_file for dvb app creat update.zip file at /cache  dir
 allow system_app cache_file:dir {create_dir_perms create_file_perms rw_file_perms};
-allow system_app cache_file:file {create_file_perms rw_file_perms};
+allow system_app cache_file:file {create_file_perms rw_file_perms getattr};
 
 allow system_app log_file:dir { search read open getattr };
 allow system_app log_file:file { read open getattr };
@@ -57,3 +57,5 @@ allow system_app exfat:file create_file_perms;
 
 allow system_app ntfs:dir create_dir_perms;
 allow system_app ntfs:file create_file_perms;
+
+allow system_app mnt_media_rw_file:dir r_dir_perms;