mediaswcodec: Fix selinux and seccomp policy denials am: ed6df0dd14 am: 03e5a22031 am: 6ec3b2d965

Original change: https://android-review.googlesource.com/c/device/linaro/dragonboard/+/1238348

Change-Id: Ief603fecf9592e65d61f907759359104500b51dd
diff --git a/device-common.mk b/device-common.mk
index 1ebe719..d0f540e 100644
--- a/device-common.mk
+++ b/device-common.mk
@@ -135,6 +135,9 @@
     frameworks/av/media/libstagefright/data/media_codecs_google_video.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_google_video.xml \
     frameworks/av/media/libstagefright/data/media_codecs_google_audio.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_google_audio.xml
 
+PRODUCT_COPY_FILES += \
+    $(LOCAL_PATH)/seccomp_policy/mediaswcodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaswcodec.policy
+
 # Memtrack
 PRODUCT_PACKAGES += \
     memtrack.default \
diff --git a/seccomp_policy/mediaswcodec.policy b/seccomp_policy/mediaswcodec.policy
new file mode 100644
index 0000000..4c148fb
--- /dev/null
+++ b/seccomp_policy/mediaswcodec.policy
@@ -0,0 +1,3 @@
+# device specific syscalls
+# extension of frameworks/av/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
+sysinfo: 1
diff --git a/sepolicy/mediaswcodec.te b/sepolicy/mediaswcodec.te
new file mode 100644
index 0000000..57fb75c
--- /dev/null
+++ b/sepolicy/mediaswcodec.te
@@ -0,0 +1,2 @@
+gpu_access(mediaswcodec)
+allow mediaswcodec gpu_device:chr_file { getattr ioctl map open read write };