From 6314ea8ee6a340ba9efc10bd02f061a732074acc Mon Sep 17 00:00:00 2001
From: Stricted <info@stricted.net>
Date: Wed, 2 May 2018 02:22:36 +0200
Subject: [PATCH] sepolicy: address mediacodec denials

Change-Id: If26afc6e0990bd7970f8a7feeec99e17ad4af7e2
(cherry picked from commit 2fce8fe3d3c704e56f05802b862f47493ad7f540)
---
 sepolicy/mediacodec.te | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 sepolicy/mediacodec.te

diff --git a/sepolicy/mediacodec.te b/sepolicy/mediacodec.te
new file mode 100644
index 0000000..55487bd
--- /dev/null
+++ b/sepolicy/mediacodec.te
@@ -0,0 +1,23 @@
+# nvram
+allow mediacodec nvdata_file:dir rw_dir_perms;
+allow mediacodec nvdata_file:file create_file_perms;
+allow mediacodec ccci_device:chr_file rw_file_perms;
+
+# video codec
+allow mediacodec Vcodec_device:chr_file rw_file_perms;
+allow mediacodec devmap_device:chr_file r_file_perms;
+allow mediacodec devmap_device:chr_file { ioctl };
+allow mediacodec mtk_smi_device:chr_file { ioctl read open };
+allow mediacodec proc:file { open read ioctl };
+allow mediacodec sysfs:file { open read write };
+allow mediacodec sysfs_devinfo:file { open read write };
+allow mediacodec proc_meminfo:file { open read getattr };
+
+allow mediacodec property_socket:sock_file write;
+allow mediacodec init:unix_stream_socket connectto;
+
+# M4U
+allow mediacodec M4U_device_device:chr_file rw_file_perms;
+
+# PQ
+allow mediacodec pq_service:service_manager find;