From 72e78bfcac1373a3440b04ba2d33792480e58a15 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 27 Jan 2016 19:31:45 -0800
Subject: [PATCH] mediaserver: grant perms from domain_deprecated

In preparation of removing permissions from domain_deprecated.

Addresses:
avc: denied { getattr } for path="/proc/self" dev="proc" ino=4026531841 scontext=u:r:mediaserver:s0 tcontext=u:object_r:proc:s0 tclass=lnk_file permissive=1
avc: denied { read } for name="mediadrm" dev="mmcblk0p24" ino=209 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=1
avc: denied { open } for path="/vendor/lib/mediadrm" dev="mmcblk0p24" ino=209 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=1

Change-Id: Ibffa0c9a31316b9a2f1912ae68a8dcd3a4e671b7
---
 mediaserver.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/mediaserver.te b/mediaserver.te
index 84ceec86b..6006f0265 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -9,6 +9,12 @@ init_daemon_domain(mediaserver)
 
 r_dir_file(mediaserver, sdcard_type)
 
+# stat /proc/self
+allow mediaserver proc:lnk_file getattr;
+
+# open /vendor/lib/mediadrm
+allow mediaserver system_file:dir r_dir_perms;
+
 binder_use(mediaserver)
 binder_call(mediaserver, binderservicedomain)
 binder_call(mediaserver, appdomain)
-- 
GitLab