From e993b62c6827a3d4cbcad8e399c5041b58e24491 Mon Sep 17 00:00:00 2001
From: Dongwon Kang <dwkang@google.com>
Date: Tue, 1 May 2018 13:25:24 -0700
Subject: [PATCH] Allow sdcardfs:file read access on mediaextractor

Test: pass Multimedia File Compatibility test
Test: time to start playing mid file with GPM: ~10s => ~1.2s
Bug: 76422052, Bug: 67480585, Bug: 30751071
Change-Id: I4e9824b21dab1dafdcca5824367a7fe39a37e2f7
---
 prebuilts/api/28.0/public/mediaextractor.te | 4 +---
 public/mediaextractor.te                    | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/prebuilts/api/28.0/public/mediaextractor.te b/prebuilts/api/28.0/public/mediaextractor.te
index 44387fd47..b0554626f 100644
--- a/prebuilts/api/28.0/public/mediaextractor.te
+++ b/prebuilts/api/28.0/public/mediaextractor.te
@@ -22,10 +22,8 @@ allow mediaextractor proc_meminfo:file r_file_perms;
 
 crash_dump_fallback(mediaextractor)
 
-# Suppress denials from sdcardfs (b/67454004)
-dontaudit mediaextractor sdcardfs:file read;
-
 # allow mediaextractor read permissions for file sources
+allow mediaextractor sdcardfs:file { getattr read };
 allow mediaextractor media_rw_data_file:file { getattr read };
 allow mediaextractor app_data_file:file { getattr read };
 
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 44387fd47..b0554626f 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -22,10 +22,8 @@ allow mediaextractor proc_meminfo:file r_file_perms;
 
 crash_dump_fallback(mediaextractor)
 
-# Suppress denials from sdcardfs (b/67454004)
-dontaudit mediaextractor sdcardfs:file read;
-
 # allow mediaextractor read permissions for file sources
+allow mediaextractor sdcardfs:file { getattr read };
 allow mediaextractor media_rw_data_file:file { getattr read };
 allow mediaextractor app_data_file:file { getattr read };
 
-- 
GitLab