From ef8172c028f564bb120ce9d65589dffb5e067148 Mon Sep 17 00:00:00 2001
From: Hridya Valsaraju <hridya@google.com>
Date: Tue, 30 Mar 2021 12:30:27 -0700
Subject: [PATCH] Allow mediacodec to access the vstream-secure DMA-BUF heap

This patch fixes the following denial:

avc: denied { read } for comm="HwBinder:727_3" name="vstream-secure"
dev="tmpfs" ino=693 scontext=u:r:mediacodec:s0
tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file
permissive=0

Bug: 183681871
Test: build
Change-Id: I018a8d42afe2bb58416b47864b8ffd53de9292cb
---
 whitechapel/vendor/google/mediacodec.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/whitechapel/vendor/google/mediacodec.te b/whitechapel/vendor/google/mediacodec.te
index 2264eac9..caaf5749 100644
--- a/whitechapel/vendor/google/mediacodec.te
+++ b/whitechapel/vendor/google/mediacodec.te
@@ -5,3 +5,4 @@ userdebug_or_eng(`
 add_service(mediacodec, eco_service)
 allow mediacodec hal_camera_default:binder call;
 allow mediacodec sysfs_video:file r_file_perms;
+allow mediacodec dmabuf_system_secure_heap_device:chr_file r_file_perms;