Merge "Relax sdk sandbox sepolicy." into udc-dev

commit: 2079ab2f288768ea21558d6e9785d7762fd3a4f0 [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Wed May 10 09:51:25 2023 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Wed May 10 09:51:25 2023 +0000
tree: 521739b181591285df02262c0a5774f0aa71cd7e
parent: fefe81b685743ae8cdd4142df827bf6458b1f8f5 [diff]
parent: 30cf7bbf28977b9da70b153413fcb8a16534429a [diff]
diff --git a/prebuilts/api/34.0/private/mediaprovider_app.te b/prebuilts/api/34.0/private/mediaprovider_app.te
index 7ad8feb..1f84eca 100644
--- a/prebuilts/api/34.0/private/mediaprovider_app.te
+++ b/prebuilts/api/34.0/private/mediaprovider_app.te

@@ -35,6 +35,9 @@
 # Talk to regular app services
 allow mediaprovider_app app_api_service:service_manager find;
 
+# Read SDK sandbox data files
+allow mediaprovider_app sdk_sandbox_data_file:file { getattr read };
+
 # Talk to the GPU service
 binder_call(mediaprovider_app, gpuservice)
 

diff --git a/prebuilts/api/34.0/private/mediaserver.te b/prebuilts/api/34.0/private/mediaserver.te
index aaf49f6..f44cbde 100644
--- a/prebuilts/api/34.0/private/mediaserver.te
+++ b/prebuilts/api/34.0/private/mediaserver.te

@@ -19,6 +19,9 @@
 # Allow mediaserver to start media.transcoding service via ctl.start.
 set_prop(mediaserver, ctl_mediatranscoding_prop);
 
+# Allow mediaserver to read SDK sandbox data files
+allow mediaserver sdk_sandbox_data_file:file { getattr read };
+
 # Needed for stats callback registration to statsd.
 allow mediaserver stats_service:service_manager find;
 allow mediaserver statsmanager_service:service_manager find;

diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
index 7ad8feb..1f84eca 100644
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te

@@ -35,6 +35,9 @@
 # Talk to regular app services
 allow mediaprovider_app app_api_service:service_manager find;
 
+# Read SDK sandbox data files
+allow mediaprovider_app sdk_sandbox_data_file:file { getattr read };
+
 # Talk to the GPU service
 binder_call(mediaprovider_app, gpuservice)
 

diff --git a/private/mediaserver.te b/private/mediaserver.te
index aaf49f6..f44cbde 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te

@@ -19,6 +19,9 @@
 # Allow mediaserver to start media.transcoding service via ctl.start.
 set_prop(mediaserver, ctl_mediatranscoding_prop);
 
+# Allow mediaserver to read SDK sandbox data files
+allow mediaserver sdk_sandbox_data_file:file { getattr read };
+
 # Needed for stats callback registration to statsd.
 allow mediaserver stats_service:service_manager find;
 allow mediaserver statsmanager_service:service_manager find;
commit	2079ab2f288768ea21558d6e9785d7762fd3a4f0	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Wed May 10 09:51:25 2023 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Wed May 10 09:51:25 2023 +0000
tree	521739b181591285df02262c0a5774f0aa71cd7e
parent	fefe81b685743ae8cdd4142df827bf6458b1f8f5 [diff]
parent	30cf7bbf28977b9da70b153413fcb8a16534429a [diff]