Merge "Fix new selinux denials."
diff --git a/sepolicy/mediaserver.te b/sepolicy/mediaserver.te
index 897de36..91484bb 100644
--- a/sepolicy/mediaserver.te
+++ b/sepolicy/mediaserver.te
@@ -1 +1 @@
-allow mediaserver { nvhost_writable_device }:chr_file rw_file_perms;
+allow mediaserver { nvhost_writable_device nvhost_device }:chr_file rw_file_perms;
diff --git a/sepolicy/surfaceflinger.te b/sepolicy/surfaceflinger.te
index 314ce63..82792db 100644
--- a/sepolicy/surfaceflinger.te
+++ b/sepolicy/surfaceflinger.te
@@ -1,3 +1,5 @@
allow surfaceflinger { knv_device nvhost_writable_device }:chr_file rw_file_perms;
-allow surfaceflinger { sysfs_devices_system_cpu sysfs_devices_tegradc }:file w_file_perms;
+allow surfaceflinger { sysfs_devices_system_cpu sysfs_devices_tegradc }:file rw_file_perms;
+allow surfaceflinger sysfs_devices_tegradc:dir r_dir_perms;
+allow surfaceflinger sysfs_devices_tegradc:lnk_file { open getattr read };
allow surfaceflinger sysfs_devices_system_cpu:dir w_dir_perms;
