Transcoding: Add file read/write permission to service. This is needed for the transcoding service to read from the source fd and write to destination fd. Bug: 145628554 Test: atest MediaTranscodeManagerTest Change-Id: Icffed1e402bc2fb593e925de0742c0d7552b50bc

commit: c7f42b2b805561946f88ad3e73b57f7c1df04bfe [log] [tgz]
author: hkuang <hkuang@google.com> Tue May 12 09:50:24 2020 -0700
committer: hkuang <hkuang@google.com> Tue May 12 09:50:24 2020 -0700
tree: 91db2be3517523be2feb117070f32e2c09779492
parent: 4e622b28ed551b6c6ba4e473757617437043ad8e [diff]
diff --git a/public/mediatranscoding.te b/public/mediatranscoding.te
index 85c4a6c..2e539df 100644
--- a/public/mediatranscoding.te
+++ b/public/mediatranscoding.te

@@ -12,6 +12,11 @@
 allow mediatranscoding activity_service:service_manager find;
 allow mediatranscoding untrusted_app:binder call;
 
+# allow mediatranscoding service read/write permissions for file sources
+allow mediatranscoding sdcardfs:file { getattr read write };
+allow mediatranscoding media_rw_data_file:file { getattr read write };
+allow mediatranscoding apk_data_file:file { getattr read };
+
 # mediatranscoding should never execute any executable without a
 # domain transition
 neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;
commit	c7f42b2b805561946f88ad3e73b57f7c1df04bfe	[log] [tgz]
author	hkuang <hkuang@google.com>	Tue May 12 09:50:24 2020 -0700
committer	hkuang <hkuang@google.com>	Tue May 12 09:50:24 2020 -0700
tree	91db2be3517523be2feb117070f32e2c09779492
parent	4e622b28ed551b6c6ba4e473757617437043ad8e [diff]