From 8eed41c1aa5c1fb3c2d5a1b5eacf9ea4f751675d Mon Sep 17 00:00:00 2001
From: Sungtak Lee <taklee@google.com>
Date: Tue, 30 Apr 2024 22:48:32 +0000
Subject: [PATCH] Add policies for hal_codec2

Allow hal_codec2_server to read fifo_file from hal_codec2_client
Allow hal_codec2_client to find surfaceflinger_service:service_manager.

Bug: 337356582
Test: atest CtsMediaTranscodingTestCases
Change-Id: I76b2ca7d3caf7909d9d6df424eb5f68b1a0a6f03
---
 private/hal_codec2.te | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/private/hal_codec2.te b/private/hal_codec2.te
index 0bdcc23ec..df36ff8f2 100644
--- a/private/hal_codec2.te
+++ b/private/hal_codec2.te
@@ -26,7 +26,9 @@ allow hal_codec2_server bufferhubd:fd use;
 
 allow hal_codec2_client ion_device:chr_file r_file_perms;
 
+allow { hal_codec2_client -isolated_app_all } surfaceflinger_service:service_manager find;
+
 # codec2 aidl graphic buffer allocation waitable object
 allow hal_codec2_server su:fifo_file read;
-allow hal_codec2_server mediaserver:fifo_file read;
+allow hal_codec2_server hal_codec2_client:fifo_file read;
 allow hal_codec2_server { appdomain -isolated_app_all }:fifo_file read;