From e2395610618e17fe98014e46198e23848771cb7c Mon Sep 17 00:00:00 2001
From: Ruofei Ma <ruofeim@google.com>
Date: Thu, 3 Mar 2022 04:51:39 +0000
Subject: [PATCH] Allow mediacodec_google to access secure dma heap

The change is for following error:
HwBinder:867_1: type=1400 audit(0.0:9): avc: denied { read } for
name="vframe-secure" dev="tmpfs" ino=425 scontext=u:r:mediacodec_google:s0
tcontext=u:object_r:dmabuf_system_secure_heap_device:s0
tclass=chr_file permissive=0

Bug:221500257

Change-Id: I03e8c9b4f1d2099e6d7cd6d56f8d7f0834fd0009
---
 whitechapel_pro/mediacodec_google.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/whitechapel_pro/mediacodec_google.te b/whitechapel_pro/mediacodec_google.te
index c750ea75..21aea333 100644
--- a/whitechapel_pro/mediacodec_google.te
+++ b/whitechapel_pro/mediacodec_google.te
@@ -14,6 +14,7 @@ hal_client_domain(mediacodec_google, hal_codec2)
 hal_client_domain(mediacodec_google, hal_graphics_allocator)
 
 allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms;
+allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms;
 allow mediacodec_google video_device:chr_file rw_file_perms;
 
 crash_dump_fallback(mediacodec_google)