mediacodec: fix vpu device sepolicy for video playback
08-27 11:30:17.500 734 734 I binder:734_4: type=1400 audit(0.0:1288): avc: denied { read write } for name="vpu" dev="tmpfs" ino=1585 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=1 08-27 11:30:17.500 734 734 I binder:734_4: type=1400 audit(0.0:1289): avc: denied { open } for path="/dev/vpu" dev="tmpfs" ino=1585 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=1 08-27 11:30:17.500 734 734 I binder:734_4: type=1400 audit(0.0:1290): avc: denied { ioctl } for path="/dev/vpu" dev="tmpfs" ino=1585 ioctlcmd=0x4200 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=1 08-27 11:30:17.500 734 734 I binder:734_4: type=1400 audit(0.0:1291): avc: denied { map } for path="/dev/vpu" dev="tmpfs" ino=1585 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=1 08-27 11:30:18.944 734 734 I FetchThread: type=1400 audit(0.0:1292): avc: denied { ioctl } for path="/dev/vpu" dev="tmpfs" ino=1585 ioctlcmd=0x4207 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=1 Bug: 353638738 Flag: EXEMPT bugfix Test: video playback Change-Id: I8ad4507693a4a0fbbd2709bd79d25b1ef4109904
parent
e4506b0159
commit
a01bc1d315
1 changed files with 1 additions and 0 deletions
|
@ -8,6 +8,7 @@ hal_server_domain(mediacodec_google, hal_codec2)
|
|||
hal_client_domain(mediacodec_google, hal_graphics_allocator)
|
||||
|
||||
allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
|
||||
allow mediacodec_google video_device:chr_file { read write open ioctl map };
|
||||
|
||||
# mediacodec_google should never execute any executable without a domain transition
|
||||
neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
|
||||
|
|
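Review bot: The added rule `allow mediacodec_google video_device:chr_file { read write open ioctl map };` grants `ioctl` with no command filter, and it grants it on the shared `video_device` type rather than on `/dev/vpu` alone. As written, a codec2 HAL domain (which presumably decodes untrusted media) can issue any ioctl to any node carrying that label. The denials in the commit message show only commands 0x4200 and 0x4207, so consider pairing the rule with `allowxperm mediacodec_google video_device:chr_file ioctl { 0x4200 0x4207 };`. Those logs were captured with permissive=1, where repeated denials are usually not logged again, so confirm the full command list against the VPU driver before enforcing. If other nodes on this platform are also labelled `video_device`, giving `/dev/vpu` its own type in file_contexts and allowing only that type would narrow the grant further.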