75806ef3c5
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
32 lines
1.2 KiB
Text
32 lines
1.2 KiB
Text
get_prop(hal_codec2_client, media_variant_prop)
|
|
get_prop(hal_codec2_server, media_variant_prop)
|
|
get_prop(hal_codec2_client, codec2_config_prop)
|
|
get_prop(hal_codec2_server, codec2_config_prop)
|
|
|
|
binder_call(hal_codec2_client, hal_codec2_server)
|
|
binder_call(hal_codec2_server, hal_codec2_client)
|
|
|
|
hal_attribute_hwservice(hal_codec2, hal_codec2_hwservice)
|
|
hal_attribute_service(hal_codec2, hal_codec2_service)
|
|
|
|
# The following permissions are added to hal_codec2_server because vendor and
|
|
# vndk libraries provided for Codec2 implementation need them.
|
|
|
|
# Allow server access to composer sync fences
|
|
allow hal_codec2_server hal_graphics_composer:fd use;
|
|
|
|
# Allow both server and client access to ion
|
|
allow hal_codec2_server ion_device:chr_file r_file_perms;
|
|
|
|
# Allow server access to camera HAL's fences
|
|
allow hal_codec2_server hal_camera:fd use;
|
|
|
|
# Receive gralloc buffer FDs from bufferhubd.
|
|
allow hal_codec2_server bufferhubd:fd use;
|
|
|
|
allow hal_codec2_client ion_device:chr_file r_file_perms;
|
|
|
|
# codec2 aidl graphic buffer allocation waitable object
|
|
allow hal_codec2_server su:fifo_file read;
|
|
allow hal_codec2_server mediaserver:fifo_file read;
|
|
allow hal_codec2_server { appdomain -isolated_app_all }:fifo_file read;
|