7baf725ea6
(breaks vendor blobs, will have to be regenerated after this CL) This moves mediacodec to vendor so it is replaced with hal_omx_server. The main benefit of this is that someone can create their own implementation of mediacodec without having to alter the one in the tree. mediacodec is still seccomp enforced by CTS tests. Fixes: 36375899 Test: (sanity) YouTube Test: (sanity) camera pics + video Test: check for denials Change-Id: I31f91b7ad6cd0a891a1681ff3b9af82ab400ce5e
# bufferhubd
# Process domain for the bufferhubd daemon.
# NOTE(review): in AOSP policy the mlstrustedsubject attribute exempts a domain
# from the MLS (category) separation constraints, so the type-enforcement rules
# in this file are what confines bufferhubd; keep the allow list minimal.
type bufferhubd, domain, mlstrustedsubject;
# File label for the bufferhubd executable.
# No domain-transition rule (e.g. init_daemon_domain) appears in this file;
# presumably it is declared elsewhere in the policy. TODO confirm.
type bufferhubd_exec, exec_type, file_type;
# Make bufferhubd a client of the graphics allocator HAL. The concrete
# permissions come from the hal_client_domain macro and the
# hal_graphics_allocator policy, both defined outside this file.
hal_client_domain(bufferhubd, hal_graphics_allocator)
# bufferhubd is the server side of the bufferhub_client PDX service. Other
# domains reach it only if their own policy uses the matching pdx_client macro.
pdx_server(bufferhubd, bufferhub_client)
# bufferhubd is itself a client of the performance_client PDX service.
pdx_client(bufferhubd, performance_client)
# Access the GPU.
# rw_file_perms grants the read and write permission sets (including ioctl in
# AOSP's global_macros) on the GPU device node, which places the GPU kernel
# driver in this domain's attack surface. Only chr_file is covered; no
# directory or other object class on gpu_device is granted here.
allow bufferhubd gpu_device:chr_file rw_file_perms;
# Access /dev/ion
# Read-side permission set only; no write permission on the ION node is granted.
# NOTE(review): r_file_perms in AOSP's global_macros includes ioctl, which is
# presumably what buffer allocation relies on. Confirm against the tree's
# global_macros before tightening or widening this rule.
allow bufferhubd ion_device:chr_file r_file_perms;
# Receive sync fence FDs from hal_omx_server. Note that hal_omx_server never directly
# connects to bufferhubd via PDX. Instead, a VR app acts as a bridge between
# those two: it talks to hal_omx_server via Binder and talks to bufferhubd via PDX.
# Thus, there is no need to use pdx_client macro.
# Only the fd class "use" permission is granted: bufferhubd may use file
# descriptors that were opened by hal_omx_server, and gets no binder or PDX
# channel to it from this rule. Access to the object behind each descriptor is
# still checked against bufferhubd's own allow rules.
allow bufferhubd hal_omx_server:fd use;