Allow mediaserver to access vendor_app_file

Currently, when vendor APK try to use MediaPlayer to play its audio resource, it would fail due to this neverallow rules. avc: denied { read } for path="/vendor/app/TicFitness/TicFitness.apk" dev="dm-1" ino=183 scontext=u:r:mediaserver:s0 tcontext=u:object_r:vendor_app_file:s0 tclass=file permissive=0 Bug: 78436043 (fix CTS bug: 80163922) Change-Id: Id910184c16955f9e4e4c8d3bb6eca2253ab59063 (cherry picked from commit 3623c2b6)

Allow mediaserver to access vendor_app_file
d53f0737 · Zheng Zhang · 473cc5e1 · d53f0737 · d53f0737
Commit d53f0737 authored 6 years ago by Zheng Zhang
--- a/public/domain.te
+++ b/public/domain.te
@@ -691,6 +691,7 @@ full_treble_only(`
        -installd
        -postinstall_dexopt
        -system_server
+        -mediaserver
    } vendor_app_file:{ file lnk_file } r_file_perms;
    # Limit access to /vendor/overlay

--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -102,6 +102,9 @@ allow mediaserver hidl_token_hwservice:hwservice_manager find;
 allow mediaserver oemfs:dir search;
 allow mediaserver oemfs:file r_file_perms;
+# /vendor apk access
+allow mediaserver vendor_app_file:file r_file_perms;
 use_drmservice(mediaserver)
 allow mediaserver drmserver:drmservice {
    consumeRights