sepolicy/mediacodec.te - device/google/marlin - Git at Google

 # VIDEO_DECODE_PLAYBACK_HINT is for interactive governor in HMP kernels
 # Do not grant the access
 dontaudit mediacodec perfd:unix_stream_socket connectto;
 dontaudit mediacodec perfd_data_file:dir search;
 dontaudit mediacodec perfd_data_file:sock_file write;

 allow mediacodec system_file:dir r_dir_perms;

 allow mediacodec sysfs_soc:dir search;
 allow mediacodec sysfs_soc:file r_file_perms;
 # Only allow gpu ioctl commands that have been demonstrated to be necessary.
 allowxperm mediacodec gpu_device:chr_file
   ioctl { gpu_ioctls unpriv_tty_ioctls };
	# VIDEO_DECODE_PLAYBACK_HINT is for interactive governor in HMP kernels
	# Do not grant the access
	dontaudit mediacodec perfd:unix_stream_socket connectto;
	dontaudit mediacodec perfd_data_file:dir search;
	dontaudit mediacodec perfd_data_file:sock_file write;

	allow mediacodec system_file:dir r_dir_perms;

	allow mediacodec sysfs_soc:dir search;
	allow mediacodec sysfs_soc:file r_file_perms;
	# Only allow gpu ioctl commands that have been demonstrated to be necessary.
	allowxperm mediacodec gpu_device:chr_file
	ioctl { gpu_ioctls unpriv_tty_ioctls };