sepolicy: basic: non_plat: Add selinux rules for mtkcodecservice HAL
Change-Id: Ia024bc02b07c45c17475005b4216baa50cee9c13
diff --git a/basic/non_plat/file_contexts b/basic/non_plat/file_contexts
index c2ce153..59087e3 100644
--- a/basic/non_plat/file_contexts
+++ b/basic/non_plat/file_contexts
@@ -712,6 +712,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.c2@1\.2-mediatek u:object_r:mtk_hal_c2_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.media\.c2@1\.2-mediatek-64b u:object_r:mtk_hal_c2_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service\.mediatek u:object_r:mtk_hal_memtrack_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.mediatek\.hardware\.mtkcodecservice@1\.1-service u:object_r:hal_mtkcodecservice_default_exec:s0
# Google Trusty system files
/(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@3\.0-service\.trusty u:object_r:hal_keymaster_default_exec:s0
diff --git a/basic/non_plat/hal_mtkcodecservice_default.te b/basic/non_plat/hal_mtkcodecservice_default.te
new file mode 100644
index 0000000..2d98cc6
--- /dev/null
+++ b/basic/non_plat/hal_mtkcodecservice_default.te
@@ -0,0 +1,17 @@
+type hal_mtkcodecservice_default, domain;
+type hal_mtkcodecservice_default_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(hal_mtkcodecservice_default)
+
+hal_server_domain(hal_mtkcodecservice_default, hal_mtkcodecservice)
+
+hal_client_domain(hal_mtkcodecservice_default, hal_allocator)
+
+binder_call(hal_mtkcodecservice_client, hal_mtkcodecservice_server)
+binder_call(hal_mtkcodecservice_server, hal_mtkcodecservice_client)
+
+add_hwservice(hal_mtkcodecservice_server, hal_mtkcodecservice_hwservice)
+allow hal_mtkcodecservice_client hal_mtkcodecservice_hwservice:hwservice_manager find;
+
+allow hal_mtkcodecservice_default hidl_allocator_hwservice:hwservice_manager find;
+allow hal_mtkcodecservice_default hidl_memory_hwservice:hwservice_manager find;
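Review bot: The `binder_call(hal_mtkcodecservice_server, hal_mtkcodecservice_client)` rule lets the HAL process initiate binder calls into every client domain, which with the other hunks of this commit includes system_server, mediaserver and mediacodec. It is only needed if IMtkCodecService hands callback interfaces to the server, so it should either be dropped or carry a comment such as `# HAL invokes client-registered callbacks`. The two trailing `hidl_allocator_hwservice` / `hidl_memory_hwservice` `find` rules look redundant with `hal_client_domain(hal_mtkcodecservice_default, hal_allocator)`, which in AOSP's hal_allocator policy already grants both lookups to allocator clients; this should be confirmed against the platform release this tree builds on. The attribute-wide rules would also sit more conventionally in a separate `hal_mtkcodecservice.te`, expressed as `hal_attribute_hwservice(hal_mtkcodecservice, hal_mtkcodecservice_hwservice)`, leaving this file for the default domain only.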
diff --git a/basic/non_plat/hwservice.te b/basic/non_plat/hwservice.te
index 16bfdf4..74afe86 100644
--- a/basic/non_plat/hwservice.te
+++ b/basic/non_plat/hwservice.te
@@ -77,3 +77,4 @@
# GPU HIDL
type mtk_hal_gpu_hwservice, hwservice_manager_type;
+type hal_mtkcodecservice_hwservice, hwservice_manager_type;
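Review bot: The new `hal_mtkcodecservice_hwservice` type is appended directly under the `# GPU HIDL` comment, so it reads as part of the GPU HAL block. A blank line and its own heading before the type, e.g. `# MTK codec service HIDL`, would keep the file scannable. The matching entry added to hwservice_contexts likewise has none of the description comments that the neighbouring composer extension entry carries.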
diff --git a/basic/non_plat/hwservice_contexts b/basic/non_plat/hwservice_contexts
index cffdba4..a080125 100644
--- a/basic/non_plat/hwservice_contexts
+++ b/basic/non_plat/hwservice_contexts
@@ -90,3 +90,5 @@
# Date: 2021/06/30
# composer extension HIDL
vendor.mediatek.hardware.composer_ext::IComposerExt u:object_r:mtk_hal_composer_ext_hwservice:s0
+
+vendor.mediatek.hardware.mtkcodecservice::IMtkCodecService u:object_r:hal_mtkcodecservice_hwservice:s0
diff --git a/basic/non_plat/mediacodec.te b/basic/non_plat/mediacodec.te
index fc0847e..e8b61be 100644
--- a/basic/non_plat/mediacodec.te
+++ b/basic/non_plat/mediacodec.te
@@ -150,3 +150,5 @@
get_prop(mediacodec, vendor_mtk_deinterlace_prop)
get_prop(mediacodec, vendor_mtk_omx_core_prop)
get_prop(mediacodec, vendor_mtk_hdr_video_prop)
+
+hal_client_domain(mediacodec, hal_mtkcodecservice)
diff --git a/basic/non_plat/mediaserver.te b/basic/non_plat/mediaserver.te
index 1cc0cf4..7a770c7 100644
--- a/basic/non_plat/mediaserver.te
+++ b/basic/non_plat/mediaserver.te
@@ -307,3 +307,5 @@
hal_client_domain(mediaserver, hal_power)
allow mediaserver vpud_device:chr_file rw_file_perms;
+
+hal_client_domain(mediaserver, hal_mtkcodecservice)
diff --git a/basic/non_plat/system_server.te b/basic/non_plat/system_server.te
index f7b527a..8496364 100644
--- a/basic/non_plat/system_server.te
+++ b/basic/non_plat/system_server.te
@@ -276,3 +276,5 @@
# when anr dump process, SystemServer need send sigal
allow system_server mtk_hal_pq:process signal;
+
+hal_client_domain(system_server, hal_mtkcodecservice)
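Review bot: Making system_server a client of this vendor codec HAL is the widest grant in the commit, and neither the commit message nor a comment says which system_server code path needs it. Combined with the `binder_call(hal_mtkcodecservice_server, hal_mtkcodecservice_client)` rule in hal_mtkcodecservice_default.te, it also allows the vendor HAL process to initiate binder calls into system_server. If only the media processes actually talk to IMtkCodecService, this line should be dropped; otherwise add a justification above it, e.g. `# <feature name> in system_server queries the MTK codec service`.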
diff --git a/basic/plat_public/attributes b/basic/plat_public/attributes
index 07ef535..6245013 100644
--- a/basic/plat_public/attributes
+++ b/basic/plat_public/attributes
@@ -116,3 +116,7 @@
attribute hal_mtk_mmagent;
attribute hal_mtk_mmagent_client;
attribute hal_mtk_mmagent_server;
+
+attribute hal_mtkcodecservice;
+attribute hal_mtkcodecservice_client;
+attribute hal_mtkcodecservice_server;