Allow access to mediaanalytics service
media framework analytics are gathered in a separate service.
define a context for this new service, allow various
media-related services and libraries to access this new service.
Bug: 30267133
Test: ran media CTS, watched for selinux denials.
Change-Id: I5aa5aaa5aa9e82465b8024f87ed32d6ba4db35ca
diff --git a/private/file_contexts b/private/file_contexts
index 1be0eb0..597c914 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -173,6 +173,7 @@
/system/bin/audioserver u:object_r:audioserver_exec:s0
/system/bin/mediadrmserver u:object_r:mediadrmserver_exec:s0
/system/bin/mediaserver u:object_r:mediaserver_exec:s0
+/system/bin/mediaanalytics u:object_r:mediaanalytics_exec:s0
/system/bin/cameraserver u:object_r:cameraserver_exec:s0
/system/bin/mediaextractor u:object_r:mediaextractor_exec:s0
/system/bin/mediacodec u:object_r:mediacodec_exec:s0
diff --git a/private/mediaanalytics.te b/private/mediaanalytics.te
new file mode 100644
index 0000000..0092fbe
--- /dev/null
+++ b/private/mediaanalytics.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(mediaanalytics)
diff --git a/private/service_contexts b/private/service_contexts
index 5bf2ce3..9269c2c 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -75,6 +75,7 @@
media.camera.proxy u:object_r:cameraproxy_service:s0
media.log u:object_r:audioserver_service:s0
media.player u:object_r:mediaserver_service:s0
+media.analytics u:object_r:mediaanalytics_service:s0
media.extractor u:object_r:mediaextractor_service:s0
media.codec u:object_r:mediacodec_service:s0
media.resource_manager u:object_r:mediaserver_service:s0