add mediatranscoding to apex file context am: 9aed64920f
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1522099
MUST ONLY BE SUBMITTED BY AUTOMERGER
Change-Id: Ibc15a90266d1f30174d6590a157571507e8ee31a
diff --git a/prebuilts/api/30.0/private/mls b/prebuilts/api/30.0/private/mls
index 9690440..08d4e1f 100644
--- a/prebuilts/api/30.0/private/mls
+++ b/prebuilts/api/30.0/private/mls
@@ -54,7 +54,7 @@
# Only constrain open, not read/write.
# Also constrain other forms of manipulation, e.g. chmod/chown, unlink, rename, etc.
# Subject must dominate object unless the subject is trusted.
-mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
+mlsconstrain dir { open search getattr setattr rename add_name remove_name reparent rmdir }
( (t2 != app_data_file and t2 != privapp_data_file ) or l1 dom l2 or t1 == mlstrustedsubject);
mlsconstrain { file sock_file } { open setattr unlink link rename }
( (t2 != app_data_file and t2 != privapp_data_file and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
diff --git a/private/mls b/private/mls
index 0e0995c..68d0e58 100644
--- a/private/mls
+++ b/private/mls
@@ -54,7 +54,7 @@
# Only constrain open, not read/write, so already open fds can be used.
# Also constrain other forms of manipulation, e.g. chmod/chown, unlink, rename, etc.
# Subject must dominate object unless the subject is trusted.
-mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
+mlsconstrain dir { open search getattr setattr rename add_name remove_name reparent rmdir }
(t2 != app_data_file_type or l1 dom l2 or t1 == mlstrustedsubject);
mlsconstrain { file sock_file } { open setattr unlink link rename }
( (t2 != app_data_file_type and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);