Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add sepolicy for MFC device

Browse source 
- Add sysfs_video type for mfc device
- Allow mediacode to access sysfs_video

avc: denied { read } for name="name" dev="sysfs" ino=62278 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { open } for path="/sys/devices/platform/mfc/video4linux/video7/name" \
dev="sysfs" ino=62278 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { getattr } for path="/sys/devices/platform/mfc/video4linux/video7/name" \
dev="sysfs" ino=62278 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { read } for name="name" dev="sysfs" ino=62230 \
scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { open } for path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=62230 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

avc: denied { getattr } for path="/sys/devices/platform/mfc/video4linux/video6/name" \
dev="sysfs" ino=62230 scontext=u:r:mediacodec:s0 tcontext=u:object_r:sysfs:s0 \
tclass=file permissive=1

Bug: 172173484
Test: video playback / camera recording with enforcing mode
Change-Id: Id7f43fe11c9ed089067f43a50d7f765df873d6c6
This commit is contained in:
wenchangliu 2021-03-11 22:34:13 +08:00
parent 6657774b4c
commit b52121a259
4 changed files with 8 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

7
tracking_denials/mediacodec.te
View file

@ -1,7 +0,0 @@
# b/172173484
dontaudit mediacodec sysfs:file { getattr };
dontaudit mediacodec sysfs:file { open };
dontaudit mediacodec sysfs:file { read };
userdebug_or_eng(`
permissive mediacodec;
')

3
whitechapel/vendor/google/file.te vendored
View file

@ -177,3 +177,6 @@ type sysfs_memory, sysfs_type, fs_type;
# bcmdhd (Broadcom FullMAC wireless cards support) # bcmdhd (Broadcom FullMAC wireless cards support)
type sysfs_bcmdhd, sysfs_type, fs_type; type sysfs_bcmdhd, sysfs_type, fs_type;
# Video
type sysfs_video, sysfs_type, fs_type;

4
whitechapel/vendor/google/file_contexts vendored
View file

@ -401,3 +401,7 @@
# video system DMA-BUF heap # video system DMA-BUF heap
/dev/dma_heap/video_system u:object_r:dmabuf_system_heap_device:s0 /dev/dma_heap/video_system u:object_r:dmabuf_system_heap_device:s0
/dev/dma_heap/video_system-uncached u:object_r:dmabuf_system_heap_device:s0 /dev/dma_heap/video_system-uncached u:object_r:dmabuf_system_heap_device:s0
# Video sysfs files
/sys/devices/platform/mfc/video4linux/video6/name u:object_r:sysfs_video:s0
/sys/devices/platform/mfc/video4linux/video7/name u:object_r:sysfs_video:s0

1
whitechapel/vendor/google/mediacodec.te vendored
View file

@ -4,3 +4,4 @@ userdebug_or_eng(`
add_service(mediacodec, eco_service) add_service(mediacodec, eco_service)
allow mediacodec hal_camera_default:binder call; allow mediacodec hal_camera_default:binder call;
allow mediacodec sysfs_video:file r_file_perms;