Stephen Smalley  committed 5b692be

Allow mediaserver to connect to tee service.

Resolves denials such as:

avc: denied { connectto } for pid=7028 comm="wfd_looper" path=006D636461656D6F6E scontext=u:r:mediaserver:s0 tcontext=u:r:tee:s0 tclass=unix_stream_socket

This is a socket in the abstract namespace so no socket file is involved.

Change-Id: Ia0e384c08063466cfd0f17af3bccf294c7f9dbbd
Signed-off-by: Stephen Smalley <>

File mediaserver.te

 # Needed on some devices for playing audio on paired BT device,
 # but seems appropriate for all devices.
 unix_socket_connect(mediaserver, bluetooth, bluetooth)
+# Connect to tee service.
+allow mediaserver tee:unix_stream_socket connectto;