Snap for 5018454 from 2ab23bf326076e466c84307925c6846e1304175e to oreo-mr1-vts-release Change-Id: I739ef3651b516c736ef7cfc6dccf02530c0e62f6

commit: 2eaa75d82f6e6bda52895312ed217370d1e36614 [log] [tgz]
author: android-build-prod (mdb) <android-build-team-robot@google.com> Wed Sep 19 23:01:59 2018 +0000
committer: android-build-prod (mdb) <android-build-team-robot@google.com> Wed Sep 19 23:01:59 2018 +0000
tree: 9331cf74e2ee5b0f70eaa4462161a1d5075b6b0b
parent: ff68135ee4d0df8dac620f3d27e949f27729bae3 [diff]
parent: 2ab23bf326076e466c84307925c6846e1304175e [diff]
diff --git a/public/domain.te b/public/domain.te
index f5c72cc..357ce18 100644
--- a/public/domain.te
+++ b/public/domain.te

@@ -687,6 +687,7 @@
         -installd
         -postinstall_dexopt
         -system_server
+        -mediaserver
     } vendor_app_file:{ file lnk_file } r_file_perms;
 
     # Limit access to /vendor/overlay

diff --git a/public/mediaserver.te b/public/mediaserver.te
index 6efaf0f..93783fb 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te

@@ -102,6 +102,9 @@
 allow mediaserver oemfs:dir search;
 allow mediaserver oemfs:file r_file_perms;
 
+# /vendor apk access
+allow mediaserver vendor_app_file:file r_file_perms;
+
 use_drmservice(mediaserver)
 allow mediaserver drmserver:drmservice {
     consumeRights
commit	2eaa75d82f6e6bda52895312ed217370d1e36614	[log] [tgz]
author	android-build-prod (mdb) <android-build-team-robot@google.com>	Wed Sep 19 23:01:59 2018 +0000
committer	android-build-prod (mdb) <android-build-team-robot@google.com>	Wed Sep 19 23:01:59 2018 +0000
tree	9331cf74e2ee5b0f70eaa4462161a1d5075b6b0b
parent	ff68135ee4d0df8dac620f3d27e949f27729bae3 [diff]
parent	2ab23bf326076e466c84307925c6846e1304175e [diff]