From e9c2de0679f16a8ba7291aaf2cd4286bef8b2886 Mon Sep 17 00:00:00 2001
From: Clark Scheff <clark@cyngn.com>
Date: Mon, 5 Jan 2015 15:30:16 -0800
Subject: [PATCH] sepolicy: Apps need to read themed resources

Assets such as composed icons and ringtones need to be accessed
by apps.  This patch adds the policy needed to facilitate this.

Change-Id: If47920b2cc5dbafe8d71a621782bb4a3351bd68c
---
 sepolicy/app.te         | 3 +++
 sepolicy/bootanim.te    | 3 +++
 sepolicy/mediaserver.te | 3 +++
 sepolicy/sepolicy.mk    | 5 ++++-
 sepolicy/zygote.te      | 3 +++
 5 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 sepolicy/app.te
 create mode 100644 sepolicy/bootanim.te
 create mode 100644 sepolicy/mediaserver.te
 create mode 100644 sepolicy/zygote.te

diff --git a/sepolicy/app.te b/sepolicy/app.te
new file mode 100644
index 00000000..761eb5f0
--- /dev/null
+++ b/sepolicy/app.te
@@ -0,0 +1,3 @@
+# Themed resources (i.e. composed icons)
+allow appdomain theme_data_file:dir r_dir_perms;
+allow appdomain theme_data_file:file r_file_perms;
diff --git a/sepolicy/bootanim.te b/sepolicy/bootanim.te
new file mode 100644
index 00000000..164231b0
--- /dev/null
+++ b/sepolicy/bootanim.te
@@ -0,0 +1,3 @@
+# Themed resources (bootanimation)
+allow bootanim theme_data_file:dir search;
+allow bootanim theme_data_file:file r_file_perms;
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
new file mode 100644
index 00000000..ea26cdfc
--- /dev/null
+++ b/sepolicy/mediaserver.te
@@ -0,0 +1,3 @@
+# Themed resources (i.e. composed icons)
+allow mediaserver theme_data_file:dir r_dir_perms;
+allow mediaserver theme_data_file:file r_file_perms;
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index d916a049..2f3978fc 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -13,8 +13,10 @@ BOARD_SEPOLICY_UNION += \
     property_contexts \
     seapp_contexts \
     service_contexts \
-    auditd.te \
     adbd.te \
+    app.te \
+    auditd.te \
+    bootanim.te \
     healthd.te \
     hostapd.te \
     installd.te \
@@ -28,4 +30,5 @@ BOARD_SEPOLICY_UNION += \
     system_app.te \
     ueventd.te \
     vold.te \
+    zygote.te \
     mac_permissions.xml
diff --git a/sepolicy/zygote.te b/sepolicy/zygote.te
new file mode 100644
index 00000000..8bee8fe7
--- /dev/null
+++ b/sepolicy/zygote.te
@@ -0,0 +1,3 @@
+allow zygote theme_data_file:file r_file_perms;
+allow zygote theme_data_file:dir r_dir_perms;
+