From 912984c964913e78da26da0c726efb9b5e7b0b33 Mon Sep 17 00:00:00 2001 From: Jerry Huang Date: Wed, 22 Mar 2023 14:18:20 +0800 Subject: [PATCH] Keep name "dmabuf_system_secure_heap_device" for secure playback Fixes the following denials: 03-13 14:31:22.796 W CodecLooper: type=1400 audit(0.0:284): avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=865 scontext=u:r:untrusted_app_29:s0:c49,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.google.android.exoplayer2.demo 03-13 14:31:22.796 I auditd : type=1400 audit(0.0:281): avc: denied { read } for comm="CodecLooper" name="vstream-secure" dev="tmpfs" ino=865 scontext=u:r:untrusted_app_29:s0:c49,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.google.android.exoplayer2.demo 03-14 15:01:48.069 1429 1429 W CodecLooper: type=1400 audit(0.0:1469): avc: denied { read } for name="vstream-secure" dev="tmpfs" ino=807 scontext=u:r:untrusted_app_32:s0:c65,c257,c512,c768 tcontext=u:object_r:video_secure_heap_device:s0 tclass=chr_file permissive=0 app=com.disney.disneyplus Bug: 268197530 Test: secure playback Change-Id: I09a24fcf03f1f66b4c85d3b3949f33ad0d0f8dac --- vendor/file_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vendor/file_contexts b/vendor/file_contexts index d3325f4f..7eaee1c7 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -163,5 +163,5 @@ /dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 /dev/dma_heap/vframe-secure u:object_r:video_secure_heap_device:s0 /dev/dma_heap/vscaler-secure u:object_r:video_secure_heap_device:s0 -/dev/dma_heap/vstream-secure u:object_r:video_secure_heap_device:s0 +/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 /dev/uci u:object_r:uci_device:s0