Certainly not, because the plausible kernel bugs in those open driver descriptors (I'm serious: vendor media drivers are not pretty things) would obviously not be subject to selinux controls.

But at least there is some sandboxing in place; the security architecture was designed to admit the possibility of a breach of the mediaserver.