7baf725ea6
(breaks vendor blobs, will have to be regenerated after this CL) This moves mediacodec to vendor so it is replaced with hal_omx_server. The main benefit of this is that someone can create their own implementation of mediacodec without having to alter the one in the tree. mediacodec is still seccomp enforced by CTS tests. Fixes: 36375899 Test: (sanity) YouTube Test: (sanity) camera pics + video Test: check for denials Change-Id: I31f91b7ad6cd0a891a1681ff3b9af82ab400ce5e
33 lines
1.1 KiB
Text
33 lines
1.1 KiB
Text
# mediadrmserver - mediadrm daemon
|
|
type mediadrmserver, domain;
|
|
type mediadrmserver_exec, exec_type, file_type;
|
|
|
|
typeattribute mediadrmserver mlstrustedsubject;
|
|
|
|
net_domain(mediadrmserver)
|
|
binder_use(mediadrmserver)
|
|
binder_call(mediadrmserver, binderservicedomain)
|
|
binder_call(mediadrmserver, appdomain)
|
|
binder_service(mediadrmserver)
|
|
hal_client_domain(mediadrmserver, hal_drm)
|
|
|
|
add_service(mediadrmserver, mediadrmserver_service)
|
|
allow mediadrmserver mediaserver_service:service_manager find;
|
|
allow mediadrmserver mediametrics_service:service_manager find;
|
|
allow mediadrmserver processinfo_service:service_manager find;
|
|
allow mediadrmserver surfaceflinger_service:service_manager find;
|
|
allow mediadrmserver system_file:dir r_dir_perms;
|
|
|
|
# TODO(b/80317992): remove
|
|
binder_call(mediadrmserver, hal_omx_server)
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# mediadrmserver should never execute any executable without a
|
|
# domain transition
|
|
neverallow mediadrmserver { file_type fs_type }:file execute_no_trans;
|
|
|
|
# do not allow privileged socket ioctl commands
|
|
neverallowxperm mediadrmserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
|