Add missing permissions for Cuttlefish to support GSI testing
Once b/186727553 is fixed, booting GSI on cuttlefish will no longer load
cuttlefish's system_ext sepolicy. These domains are all private and
hence the permissions are being added to system/sepolicy to avoid
making them public (especially mediatranscoding that was changed from
public to private in Android S).
Test: build, boot
Change-Id: I4a78030015fff147545bb627c9e62afbd0daa9d7
diff --git a/private/mediatranscoding.te b/private/mediatranscoding.te
index 372bde6..caa2e7a 100644
--- a/private/mediatranscoding.te
+++ b/private/mediatranscoding.te
@@ -39,6 +39,11 @@
# allow mediatranscoding service write permission to statsd socket
unix_socket_send(mediatranscoding, statsdw, statsd)
+allow mediatranscoding gpu_device:dir search;
+
+# Allow mediatranscoding service to access media-related system properties
+get_prop(mediatranscoding, media_config_prop)
+
# mediatranscoding should never execute any executable without a
# domain transition
neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;
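Review bot: the added `allow mediatranscoding gpu_device:dir search;` rule has no comment, while the `get_prop(mediatranscoding, media_config_prop)` rule directly below it does. Add a one-line comment saying why mediatranscoding needs to search the gpu_device directory (the commit message ties these grants to booting GSI on Cuttlefish), so a later audit of private/mediatranscoding.te can tell whether the rule is still required. The grant is limited to `dir search`, but because it moves from Cuttlefish's system_ext sepolicy into system/sepolicy, it is no longer scoped to that device's policy, and the comment should say so.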