From 227bb14c8acc5df55d16fda72156227a1a786e1d Mon Sep 17 00:00:00 2001
From: hkuang <hkuang@google.com>
Date: Fri, 14 May 2021 12:52:54 -0700
Subject: [PATCH] Allow mediaserver start transcoding service.

Merged-In: 1708946

Bug: 187271658
Test: atest MediaTranscodeManagerTest; unit tests
Change-Id: I847a83ec3e0d852266b7b0c624767e72d48b45d5
---
 private/mediaserver.te    | 3 +++
 private/property.te       | 1 +
 private/property_contexts | 3 +++
 3 files changed, 7 insertions(+)

diff --git a/private/mediaserver.te b/private/mediaserver.te
index 7fb802958..6fe460ca5 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -15,3 +15,6 @@ set_prop(mediaserver, audio_prop)
 
 get_prop(mediaserver, drm_service_config_prop)
 get_prop(mediaserver, media_config_prop)
+
+# Allow mediaserver to start media.transcoding service via ctl.start.
+set_prop(mediaserver, ctl_mediatranscoding_prop);
diff --git a/private/property.te b/private/property.te
index 9f9ebbf5b..13aa7d053 100644
--- a/private/property.te
+++ b/private/property.te
@@ -35,6 +35,7 @@ system_internal_prop(userspace_reboot_log_prop)
 system_internal_prop(userspace_reboot_test_prop)
 system_internal_prop(verity_status_prop)
 system_internal_prop(zygote_wrap_prop)
+system_internal_prop(ctl_mediatranscoding_prop)
 
 ###
 ### Neverallow rules
diff --git a/private/property_contexts b/private/property_contexts
index 41b600ff3..903f080d9 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -169,6 +169,9 @@ ctl.restart$gsid        u:object_r:ctl_gsid_prop:s0
 # Restrict access to stopping apexd.
 ctl.stop$apexd          u:object_r:ctl_apexd_prop:s0
 
+# Restrict access to starting media.transcoding.
+ctl.start$media.transcoding  u:object_r:ctl_mediatranscoding_prop:s0
+
 # Restrict access to restart dumpstate
 ctl.interface_restart$android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0