Extension of isolated_compute_app for media services.
Support media use cases in isolated_compute_app such as decoding with MediaCodecs.
Bug:266943251
Test: m && manual - sample app with IsolatedProcess=True can use MediaCodec.
Change-Id: I864dcfb16494efada2fbd2a7d34b5d7f6b8128cb
diff --git a/private/isolated_compute_app.te b/private/isolated_compute_app.te
index 536261f..bde6195 100644
--- a/private/isolated_compute_app.te
+++ b/private/isolated_compute_app.te
@@ -20,11 +20,18 @@
allow isolated_compute_app content_capture_service:service_manager find;
allow isolated_compute_app device_state_service:service_manager find;
allow isolated_compute_app speech_recognition_service:service_manager find;
+allow isolated_compute_app mediaserver_service:service_manager find;
# Enable access to hardware services for camera functionalilites
hal_client_domain(isolated_compute_app, hal_allocator)
hwbinder_use(isolated_compute_app)
+allow isolated_compute_app dmabuf_system_heap_device:chr_file r_file_perms;
+
+# Allow access to network sockets received over IPC. New socket creation is not
+# permitted.
+allow isolated_compute_app { ephemeral_app priv_app untrusted_app_all }:{ tcp_socket udp_socket } { rw_socket_perms_no_ioctl };
+
#####
##### Neverallow
#####