Allow mediacodec_google to access gpu_device am: 9bc45b2d60 am: 907fa780c6

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/17731167 Change-Id: Ia9cf89db957fbcbe2c5fdd508c21ea91b71fba39 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-18 07:42:04 +00:00 · 2022-04-18 07:42:04 +00:00 · 14fa939e02
commit 14fa939e02
parent 9b19670fde 907fa780c6
1 changed files with 2 additions and 1 deletions
--- a/whitechapel_pro/mediacodec_google.te
+++ b/whitechapel_pro/mediacodec_google.te
@ -16,6 +16,7 @@ hal_client_domain(mediacodec_google, hal_graphics_allocator)
 allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
 allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms;
 allow mediacodec_google video_device:chr_file rw_file_perms;
+allow mediacodec_google gpu_device:chr_file rw_file_perms;

 crash_dump_fallback(mediacodec_google)

@ -27,4 +28,4 @@ neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
 # Lengthier explanation here:
 # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
 neverallow mediacodec_google domain:{ udp_socket rawip_socket } *;
-neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;
+neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;