Give mediatranscoding access to the DMA-BUF system heap Fixes the following denials: avc: denied { getattr } for path="/dev/dma_heap/system" dev="tmpfs" ino=534 scontext=u:r:mediatranscoding:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0 Bug: 185867872 Test: No more DMA-BUF heap related denials from CtsMediaTranscodingTestCases Change-Id: I45b57b45e0db996f08b82618dcd085ba0f7e6ef6

commit: 15f0f9234c18a78df1a4c645f3f47f1a276a9297 [log] [tgz]
author: Hridya Valsaraju <hridya@google.com> Tue Apr 27 17:34:41 2021 -0700
committer: Hridya Valsaraju <hridya@google.com> Mon May 03 16:49:16 2021 -0700
tree: 8d287c50a059f02d7147b7ac68dabf0042855efb
parent: a2a2d9cbbdd299ed254d217b15c917eab606fba3 [diff]
diff --git a/private/mediatranscoding.te b/private/mediatranscoding.te
index caa2e7a..2a43cf9 100644
--- a/private/mediatranscoding.te
+++ b/private/mediatranscoding.te

@@ -39,6 +39,9 @@
 # allow mediatranscoding service write permission to statsd socket
 unix_socket_send(mediatranscoding, statsdw, statsd)
 
+# Allow mediatranscoding to access the DMA-BUF system heap
+allow mediatranscoding dmabuf_system_heap_device:chr_file r_file_perms;
+
 allow mediatranscoding gpu_device:dir search;
 
 # Allow mediatranscoding service to access media-related system properties
commit	15f0f9234c18a78df1a4c645f3f47f1a276a9297	[log] [tgz]
author	Hridya Valsaraju <hridya@google.com>	Tue Apr 27 17:34:41 2021 -0700
committer	Hridya Valsaraju <hridya@google.com>	Mon May 03 16:49:16 2021 -0700
tree	8d287c50a059f02d7147b7ac68dabf0042855efb
parent	a2a2d9cbbdd299ed254d217b15c917eab606fba3 [diff]