From 3d6169d30bfcabd47398f43ae7861aefdc99cbf1 Mon Sep 17 00:00:00 2001 From: Jasmine Cha Date: Tue, 13 Aug 2024 08:14:48 +0000 Subject: [PATCH 1/2] switch waves prebuilt version Flag: EXEMPT bringup waves Bug: 352461861 Test: manual test Change-Id: Ic7a826d98a77ccb579594a9fb7db1df5d62e99aa Signed-off-by: Jasmine Cha --- audio/common.mk | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/audio/common.mk b/audio/common.mk index edf7b6a..a691f0a 100644 --- a/audio/common.mk +++ b/audio/common.mk @@ -3,8 +3,15 @@ BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/audio/sepolicy/common #Audio Vendor libraries PRODUCT_PACKAGES += \ libfvsam_prm_parser \ - libmahalcontroller \ + libmahalcontroller + +ifeq ($(USE_MAM_V4_ABOVE),true) +PRODUCT_PACKAGES += \ + libMAM_Google_Pixel_Android +else +PRODUCT_PACKAGES += \ libAlgFx_HiFi3z +endif ifneq ($(USE_AUDIO_HAL_AIDL),true) ## AudioHAL Configurations From 13883d9a54be6a6072054790cabcde3189c422b5 Mon Sep 17 00:00:00 2001 From: Ernie Hsu Date: Tue, 27 Aug 2024 04:11:51 +0000 Subject: [PATCH 2/2] mediacodec: fix permission for vendor_media_data and ecoservice vendor_media_data: 08-27 12:07:01.540 747 747 I /vendor/bin/hw/google.hardware.media.c2@3.0-service: type=1400 audit(0.0:1785): avc: denied { search } for comm=436F646563322E30204C6F6F706572 name="media" dev="dm-57" ino=399 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:vendor_media_data_file:s0 tclass=dir permissive=1 08-27 12:07:01.540 747 747 I /vendor/bin/hw/google.hardware.media.c2@3.0-service: type=1400 audit(0.0:1786): avc: denied { write } for comm=436F646563322E30204C6F6F706572 name="media" dev="dm-57" ino=399 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:vendor_media_data_file:s0 tclass=dir permissive=1 08-27 12:07:01.540 747 747 I /vendor/bin/hw/google.hardware.media.c2@3.0-service: type=1400 audit(0.0:1787): avc: denied { add_name } for comm=436F646563322E30204C6F6F706572 name="input_7335.bin" scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:vendor_media_data_file:s0 tclass=dir permissive=1 08-27 12:07:01.540 747 747 I /vendor/bin/hw/google.hardware.media.c2@3.0-service: type=1400 audit(0.0:1788): avc: denied { create } for comm=436F646563322E30204C6F6F706572 name="input_7335.bin" scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:vendor_media_data_file:s0 tclass=file permissive=1 08-27 12:07:01.540 747 747 I /vendor/bin/hw/google.hardware.media.c2@3.0-service: type=1400 audit(0.0:1789): avc: denied { append open } for comm=436F646563322E30204C6F6F706572 path="/data/vendor/media/input_7335.bin" dev="dm-57" ino=26749 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:vendor_media_data_file:s0 tclass=file permissive=1 ecoservice: 08-27 13:07:44.686 358 358 E SELinux : avc: denied { find } for pid=743 uid=1046 name=media.ecoservice scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:eco_service:s0 tclass=service_manager permissive=1 Flag: EXEMPT bugfix Test: video playback and screen record Bug: 361093311 Change-Id: I37d5081061bad2917b24e320f4e4a9c8116db6fa --- mediacodec/vpu/sepolicy/mediacodec_google.te | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/mediacodec/vpu/sepolicy/mediacodec_google.te b/mediacodec/vpu/sepolicy/mediacodec_google.te index e0f5d7f..47c0be8 100644 --- a/mediacodec/vpu/sepolicy/mediacodec_google.te +++ b/mediacodec/vpu/sepolicy/mediacodec_google.te @@ -7,6 +7,8 @@ hal_server_domain(mediacodec_google, hal_codec2) hal_client_domain(mediacodec_google, hal_graphics_allocator) +add_service(mediacodec_google, eco_service) + allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms; allow mediacodec_google video_device:chr_file { read write open ioctl map }; @@ -19,3 +21,8 @@ neverallow mediacodec_google { file_type fs_type }:file execute_no_trans; # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html neverallow mediacodec_google domain:{ udp_socket rawip_socket } *; neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *; + +userdebug_or_eng(` + allow mediacodec_google vendor_media_data_file:dir rw_dir_perms; + allow mediacodec_google vendor_media_data_file:file create_file_perms; +')