Mark video secure devices as default dmabuf heaps

Mali driver (and codec HAL as well) require direct access to video secure dmabuf devices. Mali driver being an SP-HAL cannot explicitly write blanket rules for all the scontext. So, we piggyback on dmabuf_system_secure_heap_device to allow all scontext to be able to use these device nodes. This is just as secure as dmabuf_system_secure_heap_device in that case. There is no additional security impact. An app can still use gralloc to allocate buffers from these heaps and disallowing access to these heaps to the intended users. Bug: 278513588 Test: Trusting result of ag/22743596 (no zumapro device yet) Change-Id: I2fd77e6694cdd4d1e51c9f01f4ae2b9f9670cea0
2023-04-19 11:50:47 -07:00 · 2023-04-19 11:50:47 -07:00 · 129741a269
commit 129741a269
parent 4ce6753500
3 changed files with 4 additions and 4 deletions
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@ -160,7 +160,7 @@
 /dev/dma_heap/famodel-secure                                                u:object_r:faceauth_heap_device:s0
 /dev/dma_heap/faprev-secure                                                 u:object_r:faceauth_heap_device:s0
 /dev/dma_heap/farawimg-secure                                               u:object_r:faceauth_heap_device:s0
-/dev/dma_heap/vframe-secure                                                 u:object_r:video_secure_heap_device:s0
-/dev/dma_heap/vscaler-secure                                                u:object_r:video_secure_heap_device:s0
+/dev/dma_heap/vframe-secure                                                 u:object_r:dmabuf_system_secure_heap_device:s0
+/dev/dma_heap/vscaler-secure                                                u:object_r:vscaler_secure_heap_device:s0
 /dev/dma_heap/vstream-secure                                                u:object_r:dmabuf_system_secure_heap_device:s0
 /dev/uci                                                                    u:object_r:uci_device:s0