Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

SELinux error coming from mediacodec when using GCA and secure playback

Browse source 
Fixes the following denials:

avc: denied { read } for name="name" dev="sysfs" ino=63727 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=63743 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { read } for name="name" dev="sysfs" ino=64010 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 tclass=file \
permissive=0

avc: denied { search } for name="video6" dev="sysfs" ino=64587 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs_video:s0 \
tclass=dir permissive=0

Bug: 182525521
Bug: 184145552
Test: GCA recording works properly, \
      Netflix and ExoPlayer can play videos
Change-Id: Ib7220feedc5031fb0e5c05a2b487da2ddf8b98cd
This commit is contained in:
Charlie Chen 2021-04-01 10:01:14 +08:00
parent 6171dc4503
commit 5602dfde45
3 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
whitechapel/vendor/google/file_contexts vendored
View file

@ -429,10 +429,6 @@
/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 /dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0
# Video sysfs files
/sys/devices/platform/mfc/video4linux/video6/name u:object_r:sysfs_video:s0
/sys/devices/platform/mfc/video4linux/video7/name u:object_r:sysfs_video:s0
# BigOcean # BigOcean
/dev/bigocean u:object_r:video_device:s0 /dev/bigocean u:object_r:video_device:s0

3
whitechapel/vendor/google/genfs_contexts vendored
View file

@ -243,3 +243,6 @@ genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count
genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0
# mediacodec
genfscon sysfs /devices/platform/mfc/video4linux/video u:object_r:sysfs_video:s0

1
whitechapel/vendor/google/mediacodec.te vendored
View file

@ -5,4 +5,5 @@ userdebug_or_eng(`
add_service(mediacodec, eco_service) add_service(mediacodec, eco_service)
allow mediacodec hal_camera_default:binder call; allow mediacodec hal_camera_default:binder call;
allow mediacodec sysfs_video:file r_file_perms; allow mediacodec sysfs_video:file r_file_perms;
allow mediacodec sysfs_video:dir r_dir_perms;
allow mediacodec dmabuf_system_secure_heap_device:chr_file r_file_perms; allow mediacodec dmabuf_system_secure_heap_device:chr_file r_file_perms;