Hi, On a Kernel 4.4.x + Android O MR1 setup, I get below SELinux denials whenever a media file is played from emulated internal storage. There is no break in functionality, Audio/Video files continue to play.
[ 76.118051] type=1400 audit(1526017556.089:131): avc: denied { read } for pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3" dev="fuse" ino=11 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:fuse:s0 tclass=file permissive=0 [ 76.201339] type=1400 audit(1526017556.089:131): avc: denied { read } for pid=237 comm="generic" path="/storage/emulated/0/Music/The_Golden_Age.mp3" dev="fuse" ino=11 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:fuse:s0 tclass=file permissive=0 [ 76.227933] type=1400 audit(1526017556.169:132): avc: denied { accept } for pid=192 comm="android.hardwar" lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=0 Is it OK to add below rule for this? allow mediaextractor fuse:file read; [or] Should the folders /storage/emulated/* be labeled as media_rw_data_file, Similar to /data/media? /data/media(/.*)? u:object_r:media_rw_data_file:s0