From 9bc45b2d601fe26b821f9ab768e93be66b441631 Mon Sep 17 00:00:00 2001
From: Jerry Huang
Date: Wed, 13 Apr 2022 16:58:45 +0800
Subject: [PATCH] Allow mediacodec_google to access gpu_device

Bug: 228794372
Test: android.media.decoder.cts.DecoderTest#testAV1HdrToSdr
The change is for following error:
04-08 17:02:44.020 1046 7284 7284 W HwBinder:7284_3: type=1400 audit(0.0:70491): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0
04-08 17:02:44.028 1046 7284 7284 W HwBinder:7284_3: type=1400 audit(0.0:70492): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0
04-08 17:02:44.040 1046 7284 7284 W HwBinder:7284_3: type=1400 audit(0.0:70493): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0
04-08 17:02:44.048 1046 7284 7284 W HwBinder:7284_3: type=1400 audit(0.0:70494): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0
Change-Id: Ie22903807fcc12d931cbdd36678ae1d4a3776a3d
---
 whitechapel_pro/mediacodec_google.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/whitechapel_pro/mediacodec_google.te b/whitechapel_pro/mediacodec_google.te
index 21aea333..fb719b16 100644
--- a/whitechapel_pro/mediacodec_google.te
+++ b/whitechapel_pro/mediacodec_google.te
@@ -16,6 +16,7 @@ hal_client_domain(mediacodec_google, hal_graphics_allocator)
 allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
 allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms;
 allow mediacodec_google video_device:chr_file rw_file_perms;
+allow mediacodec_google gpu_device:chr_file rw_file_perms;
 crash_dump_fallback(mediacodec_google)
@@ -27,4 +28,4 @@ neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
 # Lengthier explanation here:
 # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
 neverallow mediacodec_google domain:{ udp_socket rawip_socket } *;
-neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;
\ No newline at end of file
+neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;
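Review bot: The new rule in the first hunk (`@@ -16,6 +16,7 @@`), `allow mediacodec_google gpu_device:chr_file rw_file_perms;`, grants open, read, write and ioctl on the GPU node, while the denials quoted in the commit message show only `getattr` on `/dev/mali0`. mediacodec_google decodes untrusted media and this file's neverallow rules exist to keep it confined, so access to a GPU driver should be the narrowest set that passes the test. If only the stat is needed, `allow mediacodec_google gpu_device:chr_file getattr;` is enough; because the logs are from enforcing mode (`permissive=0`), later open/ioctl denials may simply not have been reached, so the full set should be confirmed from a permissive-mode run. If read/write access is really required, a comment above the rule such as `# GPU access for the AV1 HDR-to-SDR decode path (b/228794372)` would record why.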