sepolicy: denials while reading videos in app

sepolicy/bootanim.te

@@ -0,0 +1,2 @@
+# dev_info
+allow bootanim sysfs_devinfo:file r_file_perms;

sepolicy/mediacodec.te

@@ -16,6 +16,10 @@ allow mediacodec proc_meminfo:file { getattr open read };
 allow mediacodec property_socket:sock_file write;
 allow mediacodec init:unix_stream_socket connectto;
 
+# omx
+allow mediacodec sysfs_ddr_type:file r_file_perms;
+allow mediacodec sysfs_membw:file { open rw_file_perms };
+
 # M4U
 allow mediacodec M4U_device_device:chr_file rw_file_perms;
 

sepolicy/platform_app.te

@@ -1,6 +1,8 @@
-
 # Guiext
 allow platform_app guiext-server_service:service_manager find;
 
 # PQ
 allow platform_app pq_service:service_manager find;
+
+# dev_info
+allow platform_app sysfs_devinfo:file r_file_perms;

sepolicy/priv_app.te

@@ -3,3 +3,6 @@ allow priv_app guiext-server_service:service_manager find;
 
 # PQ
 allow priv_app pq_service:service_manager find;
+
+# dev_info
+allow priv_app sysfs_devinfo:file r_file_perms;

sepolicy/surfaceflinger.te

@@ -1,10 +1,16 @@
+# PQ
 allow surfaceflinger pq_service:service_manager find;
 
+# Gui-Ext
 allow surfaceflinger guiext-server_service:service_manager { find add };
 
 allow surfaceflinger debug_prop:property_service set;
 
+# SMI
 allow surfaceflinger mtk_smi_device:chr_file { read write open ioctl };
 
 # boot_mode
 allow surfaceflinger sysfs_boot_mode:file r_file_perms;
+
+# dev_info
+allow surfaceflinger sysfs_devinfo:file r_file_perms;

sepolicy/system_app.te

@@ -3,3 +3,6 @@ allow system_app perf_control_sysfs:file rw_file_perms;
 allow system_app smartwake_sysfs:file rw_file_perms;
 
 allow system_app em_svr:unix_stream_socket connectto;
+
+# dev_info
+allow system_app sysfs_devinfo:file r_file_perms;

sepolicy/system_server.te

@@ -25,3 +25,6 @@ allow system_server guiext-server_service:service_manager find;
 
 # wlan0 hostap
 allow system_server wifi_data_file:sock_file unlink;
+
+# dev_info
+allow system_server sysfs_devinfo:file r_file_perms;