Merge "mediaserver.te refactor"

mediaserver.te

@@ -2,19 +2,23 @@
 type mediaserver, domain;
 type mediaserver_exec, exec_type, file_type;
 
+typeattribute mediaserver mlstrustedsubject;
+
+net_domain(mediaserver)
 init_daemon_domain(mediaserver)
 unix_socket_connect(mediaserver, property, init)
-net_domain(mediaserver)
-typeattribute mediaserver mlstrustedsubject;
-allow mediaserver kernel:system module_request;
+
+r_dir_file(mediaserver, sdcard)
+
 binder_use(mediaserver)
 binder_call(mediaserver, binderservicedomain)
 binder_call(mediaserver, appdomain)
 binder_transfer(mediaserver, surfaceflinger)
 binder_service(mediaserver)
+
+allow mediaserver kernel:system module_request;
 allow mediaserver app_data_file:dir search;
 allow mediaserver app_data_file:file r_file_perms;
-r_dir_file(mediaserver, sdcard)
 allow mediaserver sdcard:file write;
 allow mediaserver camera_device:chr_file rw_file_perms;
 allow mediaserver graphics_device:chr_file rw_file_perms;
@@ -22,8 +26,12 @@ allow mediaserver video_device:chr_file rw_file_perms;
 allow mediaserver audio_device:dir r_dir_perms;
 allow mediaserver audio_device:chr_file rw_file_perms;
 allow mediaserver qemu_device:chr_file rw_file_perms;
+allow mediaserver tee_device:chr_file rw_file_perms;
+allow mediaserver audio_prop:property_service set;
+
 # XXX Label with a specific type?
 allow mediaserver sysfs:file rw_file_perms;
+
 # XXX Why?
 allow mediaserver apk_data_file:file { read getattr };
 
@@ -40,8 +48,6 @@ allow mediaserver camera_calibration_file:file r_file_perms;
 # Read/[write] to /proc/net/xt_qtaguid/ctrl and /dev/xt_qtaguid
 allow mediaserver qtaguid_proc:file rw_file_perms;
 allow mediaserver qtaguid_device:chr_file r_file_perms;
+
 # Allow abstract socket connection
 allow mediaserver rild:unix_stream_socket connectto;
-
-allow mediaserver tee_device:chr_file rw_file_perms;
-allow mediaserver audio_prop:property_service set;