8c9cf62edb
One of the advantages of the DMA-BUF heaps framework over ION is that each heap is a separate char device and hence it is possible to create separate sepolicy permissions to restrict access to each heap. In the case of ION, allocation in every heap had to be done through /dev/ion which meant that there was no way to restrict allocations in a specific heap.

This patch intends to restrict coredomain access to only approved categories of vendor heaps. Currently, the only identified category as per partner feedback is the system-secure heap which is defined as a heap that allocates from protected memory.

Test: Build, video playback works on CF with ION disabled and without sepolicy denials
Bug: 175697666
Change-Id: I923d2931c631d05d569e97f6e49145ef71324f3b

- include
- Android.bp
- combine_maps.py
- fc_sort.py
- mini_parser.py
- policy.py
- searchpolicy.py
- sepol_wrap.cpp
- sepolicy_tests.py
- treble_sepolicy_tests.py