Allow mediacodec_google to access gpu_device

Bug: 228794372 Test: android.media.decoder.cts.DecoderTest#testAV1HdrToSdr The change is for following error: 04-08 17:02:44.020 1046 7284 7284 W HwBinder:7284_3: type=1400 audit(0.0:70491): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0 04-08 17:02:44.028 1046 7284 7284 W HwBinder:7284_3: type=1400 audit(0.0:70492): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0 04-08 17:02:44.040 1046 7284 7284 W HwBinder:7284_3: type=1400 audit(0.0:70493): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0 04-08 17:02:44.048 1046 7284 7284 W HwBinder:7284_3: type=1400 audit(0.0:70494): avc: denied { getattr } for path="/dev/mali0" dev="tmpfs" ino=1052 scontext=u:r:mediacodec_google:s0 tcontext=u:object_r:gpu_device:s0 tclass=chr_file permissive=0 Change-Id: Ie22903807fcc12d931cbdd36678ae1d4a3776a3d
2022-04-13 16:58:45 +08:00 · 2022-04-13 16:58:45 +08:00 · 9bc45b2d60
commit 9bc45b2d60
parent 2dc0bbd55b
1 changed files with 2 additions and 1 deletions
--- a/whitechapel_pro/mediacodec_google.te
+++ b/whitechapel_pro/mediacodec_google.te
@ -16,6 +16,7 @@ hal_client_domain(mediacodec_google, hal_graphics_allocator)
 allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
 allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms;
 allow mediacodec_google video_device:chr_file rw_file_perms;
+allow mediacodec_google gpu_device:chr_file rw_file_perms;

 crash_dump_fallback(mediacodec_google)

@ -27,4 +28,4 @@ neverallow mediacodec_google { file_type fs_type }:file execute_no_trans;
 # Lengthier explanation here:
 # https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
 neverallow mediacodec_google domain:{ udp_socket rawip_socket } *;
-neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;
+neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *;