Allow mediaserver to access vendor_app_file Currently, when vendor APK try to use MediaPlayer to play its audio resource, it would fail due to this neverallow rules. avc: denied { read } for path="/vendor/app/TicFitness/TicFitness.apk" dev="dm-1" ino=183 scontext=u:r:mediaserver:s0 tcontext=u:object_r:vendor_app_file:s0 tclass=file permissive=0 Bug: 78436043 Change-Id: Id910184c16955f9e4e4c8d3bb6eca2253ab59063

commit: 3623c2b6c0e7cafa56bf1f579845f5b45e683436 [log] [tgz]
author: Zheng Zhang <zhzh@google.com> Mon Apr 23 20:47:05 2018 -0700
committer: Zheng Zhang <zhzh@google.com> Wed Apr 25 06:00:59 2018 +0000
tree: 7ca48b12f7817252022e5a94671d69a3dd7af29c
parent: fd87a92acf9024f72e84896ace7708bbcb991da9 [diff]
diff --git a/public/domain.te b/public/domain.te
index 3a914d7..1dc2a41 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -953,6 +953,7 @@
         userdebug_or_eng(`-perfprofd')
         -postinstall_dexopt
         -system_server
+        -mediaserver
     } vendor_app_file:file r_file_perms;
 ')
 

diff --git a/public/mediaserver.te b/public/mediaserver.te
index b20835a..861d11d 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te

@@ -95,6 +95,9 @@
 allow mediaserver oemfs:dir search;
 allow mediaserver oemfs:file r_file_perms;
 
+# /vendor apk access
+allow mediaserver vendor_app_file:file r_file_perms;
+
 use_drmservice(mediaserver)
 allow mediaserver drmserver:drmservice {
     consumeRights
commit	3623c2b6c0e7cafa56bf1f579845f5b45e683436	[log] [tgz]
author	Zheng Zhang <zhzh@google.com>	Mon Apr 23 20:47:05 2018 -0700
committer	Zheng Zhang <zhzh@google.com>	Wed Apr 25 06:00:59 2018 +0000
tree	7ca48b12f7817252022e5a94671d69a3dd7af29c
parent	fd87a92acf9024f72e84896ace7708bbcb991da9 [diff]