mediaextractor: ensure no direct open()s

Mediaextractor should only be operating on data passed directly to it.
It shouldn't be attempting to open /data files on it's own.

Add a neverallow statement (compile time assertion + CTS test) to ensure
this is the case.

Bug: 67454004
Test: policy compiles. No runtime impact.
Change-Id: Ie94d4cb9aece7e72fbd13321f339dcf9d44d5d77

public/mediaextractor.te

@@ -53,3 +53,11 @@ neverallow mediaextractor { file_type fs_type }:file execute_no_trans;
 # Lengthier explanation here:
 # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
 neverallow mediaextractor domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# mediaextractor should not be opening /data files directly. Any files
+# it touches (with a few exceptions) need to be passed to it via a file
+# descriptor opened outside the process.
+neverallow mediaextractor {
+  data_file_type
+  -zoneinfo_data_file # time zone data from /data/misc/zoneinfo
+}:file open;