Allow mediaprovider and mediaserver to read sdk_sandbox_data_file
Context: go/videoview-local-sandbox. This change is required to
play local files in a VideoView in the SDK sandbox.
Test: Manual steps described in doc
Bug: 266592086
Change-Id: I940609d5dff4fc73d0376489646488c7b96eebb8
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
index 7ad8feb..1f84eca 100644
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@@ -35,6 +35,9 @@
# Talk to regular app services
allow mediaprovider_app app_api_service:service_manager find;
+# Read SDK sandbox data files
+allow mediaprovider_app sdk_sandbox_data_file:file { getattr read };
+
# Talk to the GPU service
binder_call(mediaprovider_app, gpuservice)
diff --git a/private/mediaserver.te b/private/mediaserver.te
index aaf49f6..f44cbde 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -19,6 +19,9 @@
# Allow mediaserver to start media.transcoding service via ctl.start.
set_prop(mediaserver, ctl_mediatranscoding_prop);
+# Allow mediaserver to read SDK sandbox data files
+allow mediaserver sdk_sandbox_data_file:file { getattr read };
+
# Needed for stats callback registration to statsd.
allow mediaserver stats_service:service_manager find;
allow mediaserver statsmanager_service:service_manager find;