Merge "mediacodec: fix sepolicy for video playback/recording" into main

2024-07-19 06:47:07 +00:00 · 2024-07-19 06:47:07 +00:00 · 826a8afe4c
commit 826a8afe4c
parent cbe40aac4f bbe999c372
1 changed files with 15 additions and 0 deletions
--- a/mediacodec/vpu/sepolicy/mediacodec_google.te
+++ b/mediacodec/vpu/sepolicy/mediacodec_google.te
@ -3,3 +3,18 @@ type mediacodec_google_exec, exec_type, vendor_file_type, file_type;

 init_daemon_domain(mediacodec_google)

+hal_server_domain(mediacodec_google, hal_codec2)
+
+hal_client_domain(mediacodec_google, hal_graphics_allocator)
+
+allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
+
+# mediacodec_google should never execute any executable without a domain transition
+neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
+
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediacodec_google domain:{ udp_socket rawip_socket } *;
+neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;