mediaswcodec: Fix selinux and seccomp policy denials am: ed6df0dd14
Original change: https://android-review.googlesource.com/c/device/linaro/dragonboard/+/1238348
Change-Id: I117ecac70bed6bf5f0c51ea841d3fab5db12ac97
diff --git a/device-common.mk b/device-common.mk
index 1ebe719..d0f540e 100644
--- a/device-common.mk
+++ b/device-common.mk
@@ -135,6 +135,9 @@
frameworks/av/media/libstagefright/data/media_codecs_google_video.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_google_video.xml \
frameworks/av/media/libstagefright/data/media_codecs_google_audio.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_google_audio.xml
+PRODUCT_COPY_FILES += \
+ $(LOCAL_PATH)/seccomp_policy/mediaswcodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaswcodec.policy
+
# Memtrack
PRODUCT_PACKAGES += \
memtrack.default \
diff --git a/seccomp_policy/mediaswcodec.policy b/seccomp_policy/mediaswcodec.policy
new file mode 100644
index 0000000..4c148fb
--- /dev/null
+++ b/seccomp_policy/mediaswcodec.policy
@@ -0,0 +1,3 @@
+# device specific syscalls
+# extension of frameworks/av/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
+sysinfo: 1
diff --git a/sepolicy/mediaswcodec.te b/sepolicy/mediaswcodec.te
new file mode 100644
index 0000000..57fb75c
--- /dev/null
+++ b/sepolicy/mediaswcodec.te
@@ -0,0 +1,2 @@
+gpu_access(mediaswcodec)
+allow mediaswcodec gpu_device:chr_file { getattr ioctl map open read write };