Allow Exoplayer access to the vstream-secure heap for secure playback

Fixes the following denials:

avc: denied { read } for name="vstream-secure" dev="tmpfs"
ino=736 scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:dmabuf_heap_device:s0 tclass=chr_file permissive=0
app=com.google.android.exoplayer.demo
avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=736
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:dmabuf_heap_device:s0
tclass=chr_file permissive=0 app=com.google.android.exoplayer.demo
avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=736
scontext=u:r:untrusted_app_25:s0:c512,c768
tcontext=u:object_r:dmabuf_heap_device:s0
tclass=chr_file permissive=0 app=com.google.android.exoplayer.demo

Bug: 178865267
Test: no more denials
Change-Id: I6612bd56c49558b13e2ae72cfbf3552715729e7a
Signed-off-by: Hridya Valsaraju <hridya@google.com>
Hridya Valsaraju 2021-03-23 12:43:37 -07:00
parent 9ec1be4eb9
commit fb862c0888
2 changed files with 6 additions and 0 deletions


@ -412,6 +412,8 @@
/dev/dma_heap/video_system u:object_r:dmabuf_system_heap_device:s0
/dev/dma_heap/video_system-uncached u:object_r:dmabuf_system_heap_device:s0
/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0
# Video sysfs files
/sys/devices/platform/mfc/video4linux/video6/name u:object_r:sysfs_video:s0
/sys/devices/platform/mfc/video4linux/video7/name u:object_r:sysfs_video:s0
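Review bot: The `/dev/dma_heap/vstream-secure` entry takes the node off the generic `dmabuf_heap_device` label seen in the commit message's denials, so any domain that reached it through rules on that type now needs a rule on `dmabuf_system_secure_heap_device` instead. Only the untrusted_app rule is visible on this page, so please confirm that the codec and DRM components that allocate from this heap are covered; this is inferred, since their policy is outside the view. The +/- markers are lost in this rendering, and I am assuming the vstream-secure line is the added one. A one-line comment above it, such as `# Secure playback heap: labelled separately from the video_system heaps`, would record why it differs from the two entries before it.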


@ -4,3 +4,7 @@ allow untrusted_app_all edgetpu_service:service_manager find;
# Allows applications to access the EdgeTPU device, except open, which is guarded
# by the EdgeTPU service.
allow untrusted_app_all edgetpu_device:chr_file { getattr read write ioctl map };
# Allows Exoplayer(and other applications) access to the vstream-secure DMA-BUF heap
# for secure video playback
allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms;
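Review bot: The `allow untrusted_app_all dmabuf_system_secure_heap_device:chr_file r_file_perms;` line grants every untrusted app open, read, ioctl and map on the secure heap, while the denials in the commit message come from one demo app and show only `read`. The rule is keyed on the type, so it also covers any other node labelled `dmabuf_system_secure_heap_device`, now or in future; a dedicated type for vstream-secure would keep the grant to this one heap. Secure heaps are usually backed by a limited protected-memory pool, so it is worth checking what bounds a single app's allocations (presumably the heap driver, which is not visible here). The comment should state the real scope, for example `# Grants ALL untrusted apps r_file_perms on every node labelled dmabuf_system_secure_heap_device, not only vstream-secure`.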