From 1c98fbf8bec85ddbf5d103a8eea42a585ea8dc39 Mon Sep 17 00:00:00 2001
From: Andy Hung <hunga@google.com>
Date: Wed, 13 Jul 2016 14:04:37 -0700
Subject: [PATCH] Allow MediaExtractor to create FileSource

W Binder:538_2: type=1400 audit(0.0:9): avc: denied { getattr } for path="/data/media/0/Qtc88.mp4" dev="dm-0" ino=678654 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=0

W generic : type=1400 audit(0.0:9): avc: denied { read } for path="/data/media/0/Qtc88.mp4" dev="dm-0" ino=678654 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=0

Test: Photos, Play Music, Play Movies, Youtube
Bug: 29125703
Change-Id: If84ab43b934944abf4c416db751ab6694835df83
---
 public/mediaextractor.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 398d413b2..969c1a570 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -20,6 +20,9 @@ allow mediaextractor proc_meminfo:file r_file_perms;
 
 crash_dump_fallback(mediaextractor)
 
+# allow mediaextractor read permissions for file sources
+allow mediaextractor media_rw_data_file:file { getattr read };
+
 ###
 ### neverallow rules
 ###
-- 
GitLab