platform_system_sepolicy/private/mediaserver.te

typeattribute mediaserver coredomain;

init_daemon_domain(mediaserver)
tmpfs_domain(mediaserver)
allow mediaserver appdomain_tmpfs:file { getattr map read write };

# allocate and use graphic buffers
hal_client_domain(mediaserver, hal_graphics_allocator)
hal_client_domain(mediaserver, hal_configstore)
hal_client_domain(mediaserver, hal_drm)
hal_client_domain(mediaserver, hal_omx)
hal_client_domain(mediaserver, hal_codec2)

set_prop(mediaserver, audio_prop)

get_prop(mediaserver, drm_service_config_prop)
get_prop(mediaserver, media_config_prop)

# Allow MediaCodec running on mediaserver to read media_native flags
get_prop(mediaserver, device_config_media_native_prop)

# Allow mediaserver to start media.transcoding service via ctl.start.
set_prop(mediaserver, ctl_mediatranscoding_prop);

# Allow mediaserver to read SDK sandbox data files
allow mediaserver sdk_sandbox_data_file:file { getattr read };

# Needed for stats callback registration to statsd.
allow mediaserver stats_service:service_manager find;
allow mediaserver statsmanager_service:service_manager find;
binder_call(mediaserver, statsd)

# Allow mediaserver to communicate with Surface provided
# by virtual camera.
binder_call(mediaserver, virtual_camera)