Commit graph

20 commits

Author SHA1 Message Date
Wonsik Kim
806c625192 Allow mediaserver access to media_native flag namespace
Bug: 275527219
Test: add sepolicy, build, check GetServerConfigurableFlag function
Change-Id: I7db0fb2f97860782cca0cb2b0324fbb3f1f2d8b3
2023-05-18 21:29:07 -07:00
Gavin Corkery
a2e6584772 Allow mediaprovider and mediaserver to read sdk_sandbox_data_file
Context: go/videoview-local-sandbox. This change is required to
play local files in a VideoView in the SDK sandbox.

Test: Manual steps described in doc
Bug: 266592086
Change-Id: I940609d5dff4fc73d0376489646488c7b96eebb8
2023-05-04 16:21:38 +00:00
Girish
f9ef01a285 Allow communication between mediaserver & statsd
Bug: 265488359
Test: atest cts/tests/media/misc/src/android/media/misc/cts/ResourceManagerTest.java
Change-Id: I34bcdc3c403093af90a0e09b18842d7b872c0392
2023-02-01 22:33:28 +00:00
hkuang
de370e5161 Allow mediaserver start transcoding service.
Bug: 187271658
Test: atest MediaTranscodeManagerTest; unit tests
Change-Id: I847a83ec3e0d852266b7b0c624767e72d48b45d5
2021-05-17 13:52:38 -07:00
Inseob Kim
832e17b695 Relabel drm related props from exported*_prop
To clean up bad context name exported[23]_default_prop

Bug: 155844385
Test: m selinux_policy
Change-Id: I9f9ddb0d44c4cea9bd1724df730bb7be9a6fb2d2
2020-06-19 10:52:10 +09:00
Chong Zhang
351dd88e86 transcoding: allow transcoding service to use media services
Also allow it to use fd from shell for unit tests.

bug: 154734285
Change-Id: I2c5f3feca11f7ee4ee3ad927050b31f425370a84
2020-06-16 15:45:13 -07:00
Inseob Kim
bfb10a9bc0 Move media.* properties to media_config_prop
Bug: 154885206
Bug: 155844385
Test: m selinux_policy
Change-Id: Idfbafd29c51f7ce4512ea0d88fc7534e28eb1738
2020-05-13 09:38:08 +09:00
Inseob Kim
55e5c9b513 Move system property rules to private
public/property split is landed to selectively export public types to
vendors. So rules happening within system should be in private. This
introduces private/property.te and moves all allow and neverallow rules
from any coredomains to system defiend properties.

Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
Merged-In: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe
(cherry picked from commit 42c7d8966c)
2020-03-18 16:46:04 +00:00
Chong Zhang
c10a9eadd8 allow mediaserver to use appdomain_tmpfs
mediaserver and mediaextractor both need this.

bug: 145607042
bug: 145355521
test: run modified android.media.cts.HeifWriterTest
to use the new android.Os.memfd_create, the test
should pass; shouldn't fail in verification step
due to MediaMetadataRetriever can't access the memfd.

Change-Id: I47dabb9d98c77b647521884c7b5fadf04eae3b41
2019-12-05 12:14:13 -08:00
Hangyu Kuang
ee3a8ea798 MediaTranscodingService: Add sepolicy for MediaTranscodingService.
Bug:145233472
Test: Build and flash the phone.
"adb shell dumpsys -l | grep media" shows media.transcoding service.

Change-Id: I48a42e7b595754989c92a8469eb91360ab6db7c6
2019-12-02 13:57:28 -08:00
Robert Shih
cc8a4d3bf2 allow mediaserver to access drm hidl
Previously mediaserver could only access hidl via mediadrmserver.
Required because mediadrmserver will be removed in R.

Bug: 134787536
Bug: 144731879
Test: MediaPlayerDrmTest
Change-Id: If0ae1453251e88775a43750e24f7dac198294780
2019-11-25 11:24:44 -08:00
Chong Zhang
0ee3eecbfa allow mediaserver to access configstore
This is needed to use graphics RenderEngine, creation will
try to access configstore.

bug: 135717526
test: run MediaMetadataRetrieverTest, there shouldn't be any
avc denials in logcat.

Change-Id: Ie26ffe4844edd52684f254e77d9f515550dc82fb
2019-11-01 10:07:36 -07:00
Pawin Vongmasa
609c243dd0 Properly define hal_codec2 and related policies
Test: make cts -j123 && cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice

Bug: 131677974
Change-Id: I59c3d225499a8c53c2ed9f3bd677ff3d7423990b
2019-05-23 03:53:47 -07:00
Jeff Vander Stoep
e16fb9109c Properly Treble-ize tmpfs access
This is being done in preparation for the migration from ashmem to
memfd. In order for tmpfs objects to be usable across the Treble
boundary, they need to be declared in public policy whereas, they're
currently all declared in private policy as part of the
tmpfs_domain() macro. Remove the type declaration from the
macro, and remove tmpfs_domain() from the init_daemon_domain() macro
to avoid having to declare the *_tmpfs types for all init launched
domains. tmpfs is mostly used by apps and the media frameworks.

Bug: 122854450
Test: Boot Taimen and blueline. Watch videos, make phone calls, browse
internet, send text, install angry birds...play angry birds, keep
playing angry birds...

Change-Id: I20a47d2bb22e61b16187015c7bc7ca10accf6358
2019-01-25 08:56:45 -08:00
Steven Moreland
7baf725ea6 mediacodec->mediacodec+hal_omx{,_server,_client}
(breaks vendor blobs, will have to be regenerated
after this CL)

This moves mediacodec to vendor so it is replaced with
hal_omx_server. The main benefit of this is that someone
can create their own implementation of mediacodec without
having to alter the one in the tree. mediacodec is still
seccomp enforced by CTS tests.

Fixes: 36375899
Test: (sanity) YouTube
Test: (sanity) camera pics + video
Test: check for denials
Change-Id: I31f91b7ad6cd0a891a1681ff3b9af82ab400ce5e
2018-05-30 18:12:32 +00:00
Pawin Vongmasa
19a74ec88a Put in sepolicies for Codec2.0 services
Test: Builds

Bug: 64121714
Bug: 31973802
Change-Id: Id37be8726a8bb297e35bca494964fdbcc48c6a73
(cherry picked from commit 4be2889477)
2018-05-04 21:36:41 +00:00
Alex Klyubin
53656c1742 Restrict access to hwservicemanager
This adds fine-grained policy about who can register and find which
HwBinder services in hwservicemanager.

Test: Play movie in Netflix and Google Play Movies
Test: Play video in YouTube app and YouTube web page
Test: In Google Camera app, take photo (HDR+ and conventional),
      record video (slow motion and normal), and check that photos
      look fine and videos play back with sound.
Test: Cast screen to a Google Cast device
Test: Get location fix in Google Maps
Test: Make and receive a phone call, check that sound works both ways
      and that disconnecting the call frome either end works fine.
Test: Run RsHelloCompute RenderScript demo app
Test: Run fast subset of media CTS tests:
      make and install CtsMediaTestCases.apk
      adb shell am instrument -e size small \
          -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner'
Test: Play music using Google Play music
Test: Adjust screen brightness via the slider in Quick Settings
Test: adb bugreport
Test: Enroll in fingerprint screen unlock, unlock screen using
      fingerprint
Test: Apply OTA update:
      Make some visible change, e.g., rename Settings app.
      make otatools && \
      make dist
      Ensure device has network connectivity
      ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip
      Confirm the change is now live on the device
Bug: 34454312
(cherry picked from commit 632bc494f1)
Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3
Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31
2017-04-21 09:54:53 -07:00
Mathias Agopian
9901ff7c4f update sepolicy for gralloc HAL
the list to update was determined by looking
at who currently has access to surfaceflinger
for ipc and FD use.

Test: try some media stuff
Bug: 36333314
Change-Id: I474d0c44f8cb3868aad7a64e5a3640cf212d264d
2017-03-30 14:43:35 -07:00
Alex Klyubin
f5446eb148 Vendor domains must not use Binder
On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor
apps) are not permitted to use Binder. This commit thus:
* groups non-vendor domains using the new "coredomain" attribute,
* adds neverallow rules restricting Binder use to coredomain and
  appdomain only, and
* temporarily exempts the domains which are currently violating this
  rule from this restriction. These domains are grouped using the new
  "binder_in_vendor_violators" attribute. The attribute is needed
  because the types corresponding to violators are not exposed to the
  public policy where the neverallow rules are.

Test: mmm system/sepolicy
Test: Device boots, no new denials
Test: In Chrome, navigate to ip6.me, play a YouTube video
Test: YouTube: play a video
Test: Netflix: play a movie
Test: Google Camera: take a photo, take an HDR+ photo, record video with
      sound, record slow motion video with sound. Confirm videos play
      back fine and with sound.
Bug: 35870313
Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95
2017-03-24 07:54:00 -07:00
dcashman
cc39f63773 Split general policy into public and private components.
Divide policy into public and private components.  This is the first
step in splitting the policy creation for platform and non-platform
policies.  The policy in the public directory will be exported for use
in non-platform policy creation.  Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.

Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal.  For now, almost all types and
avrules are left in public.

Test: Tested by building policy and running on device.

Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
2016-10-06 13:09:06 -07:00