tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/vendor/mediacodec.te
Jason Macnak 4ddaa3f080 Adds GPU sepolicy to support devices with DRM gralloc/rendering 
... such as Cuttlefish (Cloud Android virtual device) which has a
DRM virtio-gpu based gralloc and (sometimes) DRM virtio-gpu based
rendering (when forwarding rendering commands to the host machine
with Mesa3D in the guest and virglrenderer on the host).

After this change is submitted, changes such as aosp/1997572 can
be submitted to removed sepolicy that is currently duplicated
across device/google/cuttlefish and device/linaro/dragonboard as
well.

Adds a sysfs_gpu type (existing replicated sysfs_gpu definitions
across several devices are removed in the attached topic). The
uses of `sysfs_gpu:file` comes from Mesa using libdrm's
`drmGetDevices2()` which calls into `drmParsePciDeviceInfo()` to
get vendor id, device id, version etc.

Ignore-AOSP-First: must be submitted in internal as a topic first to
                   avoid having duplicate definitions of sysfs_gpu
                   in projects that are only available in internal

Bug: b/161819018
Test: launch_cvd
Test: launch_cvd --gpu_mode=gfxstream
Change-Id: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c
2022-04-18 12:54:47 -07:00

40 lines
1.5 KiB
Text
Raw Blame History

type mediacodec, domain, mlstrustedsubject;
type mediacodec_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(mediacodec)
# can route /dev/binder traffic to /dev/vndbinder
vndbinder_use(mediacodec)
hal_server_domain(mediacodec, hal_codec2)
hal_server_domain(mediacodec, hal_omx)
# mediacodec may use an input surface from a different Codec2 or OMX service
hal_client_domain(mediacodec, hal_codec2)
hal_client_domain(mediacodec, hal_omx)
hal_client_domain(mediacodec, hal_allocator)
hal_client_domain(mediacodec, hal_graphics_allocator)
allow mediacodec gpu_device:chr_file rw_file_perms;
allow mediacodec gpu_device:dir r_dir_perms;
allow mediacodec ion_device:chr_file rw_file_perms;
allow mediacodec dmabuf_system_heap_device:chr_file r_file_perms;
allow mediacodec video_device:chr_file rw_file_perms;
allow mediacodec video_device:dir search;
crash_dump_fallback(mediacodec)
# get aac_drc_* properties
get_prop(mediacodec, aac_drc_prop)
# mediacodec should never execute any executable without a domain transition
neverallow mediacodec { file_type fs_type }:file execute_no_trans;
# Media processing code is inherently risky and thus should have limited
# permissions and be isolated from the rest of the system and network.
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow mediacodec domain:{ udp_socket rawip_socket } *;
neverallow mediacodec { domain userdebug_or_eng(`-su') }:tcp_socket *;
Reference in a new issue View git blame Copy permalink