marlin/sepolicy/mediacodec.te

allow mediacodec perfd:unix_stream_socket connectto;
allow mediacodec perfd_data_file:dir search;
allow mediacodec perfd_data_file:sock_file write;

allow mediacodec system_file:dir r_dir_perms;

allow mediacodec sysfs_soc:dir search;
allow mediacodec sysfs_soc:file r_file_perms;
# Only allow gpu ioctl commands that have been demonstrated to be necessary.
allowxperm mediacodec gpu_device:chr_file
  ioctl { gpu_ioctls unpriv_tty_ioctls };