diff --git a/drmserver.te b/drmserver.te
index b465430ca55c9fd986d4d02a5b97ed46d3f04f34..112d7a180cf8c497cb97c2e7b35a9a431d03fce0 100644
--- a/drmserver.te
+++ b/drmserver.te
@@ -34,3 +34,6 @@ allow drmserver apk_data_file:dir rw_dir_perms;
 type_transition drmserver apk_data_file:sock_file drmserver_socket;
 allow drmserver drmserver_socket:sock_file create_file_perms;
 allow drmserver tee:unix_stream_socket connectto;
+
+# After taking a video, drmserver looks at the video file.
+r_dir_file(drmserver, media_rw_data_file)
diff --git a/mediaserver.te b/mediaserver.te
index ab65bb73b589df022a757e4a202ea7aa4db8e7df..0105ffdad7327df3f7a2f1a0ff790ff4352cbe8c 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -24,6 +24,7 @@ allow mediaserver app_data_file:file rw_file_perms;
 allow mediaserver platform_app_data_file:file { getattr read };
 allow mediaserver sdcard_type:file write;
 allow mediaserver graphics_device:chr_file rw_file_perms;
+allow mediaserver video_device:dir r_dir_perms;
 allow mediaserver video_device:chr_file rw_file_perms;
 allow mediaserver audio_device:dir r_dir_perms;
 allow mediaserver qemu_device:chr_file rw_file_perms;
@@ -47,8 +48,8 @@ allow mediaserver rpmsg_device:chr_file rw_file_perms;
 allow mediaserver system_server:fifo_file r_file_perms;
 
 # Camera data
-allow mediaserver camera_data_file:dir r_dir_perms;
-allow mediaserver camera_data_file:file r_file_perms;
+r_dir_file(mediaserver, camera_data_file)
+r_dir_file(mediaserver, media_rw_data_file)
 
 # Grant access to audio files to mediaserver
 allow mediaserver audio_data_file:dir ra_dir_perms;
diff --git a/surfaceflinger.te b/surfaceflinger.te
index a2abf157a3b31ecc8e1a6e0d4796dbe9fb58edcb..c129d0759d84cb352e3ee83f119e28a1d0019ef8 100644
--- a/surfaceflinger.te
+++ b/surfaceflinger.te
@@ -21,6 +21,7 @@ allow surfaceflinger graphics_device:dir search;
 allow surfaceflinger graphics_device:chr_file rw_file_perms;
 
 # Access /dev/video1.
+allow surfaceflinger video_device:dir r_dir_perms;
 allow surfaceflinger video_device:chr_file rw_file_perms;
 
 # Create and use netlink kobject uevent sockets.
diff --git a/system_server.te b/system_server.te
index 1b60ea7166e84f79fce28060022094e704395964..09e6ec5d8c364cc144066b3a0ffa457373a1a4b9 100644
--- a/system_server.te
+++ b/system_server.te
@@ -132,6 +132,7 @@ allow system_server input_device:chr_file rw_file_perms;
 allow system_server tty_device:chr_file rw_file_perms;
 allow system_server urandom_device:chr_file rw_file_perms;
 allow system_server usbaccessory_device:chr_file rw_file_perms;
+allow system_server video_device:dir r_dir_perms;
 allow system_server video_device:chr_file rw_file_perms;
 allow system_server qemu_device:chr_file rw_file_perms;
 allow system_server adbd_socket:sock_file rw_file_perms;