android_system_sepolicy/public/mediaswcodec.te

type mediaswcodec, domain;
type mediaswcodec_exec, system_file_type, exec_type, file_type;

hal_server_domain(mediaswcodec, hal_codec2)

# mediaswcodec may use an input surface from a different Codec2 service or an
# OMX service
hal_client_domain(mediaswcodec, hal_codec2)
hal_client_domain(mediaswcodec, hal_omx)

hal_client_domain(mediaswcodec, hal_allocator)
hal_client_domain(mediaswcodec, hal_graphics_allocator)

# get aac_drc_* properties
get_prop(mediaswcodec, aac_drc_prop)

crash_dump_fallback(mediaswcodec)

# mediaswcodec_server should never execute any executable without a
# domain transition
neverallow mediaswcodec { file_type fs_type }:file execute_no_trans;

# Media processing code is inherently risky and thus should have limited
# permissions and be isolated from the rest of the system and network.
# Lengthier explanation here:
# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
neverallow mediaswcodec domain:{ udp_socket rawip_socket } *;
neverallow mediaswcodec { domain userdebug_or_eng(`-su') }:tcp_socket *;

allow mediaswcodec dmabuf_system_heap_device:chr_file r_file_perms;
allow mediaswcodec dmabuf_system_secure_heap_device:chr_file r_file_perms;
allow mediaswcodec gpu_device:chr_file rw_file_perms;
allow mediaswcodec gpu_device:dir r_dir_perms;
add mediaswcodec service Set up a new service for sw media codec services. Bug: 111407413 Test: cts-tradefed run cts-dev --module CtsMediaTestCases --compatibility:module-arg CtsMediaTestCases:include-annotation:android.platform.test.annotations.RequiresDevice Change-Id: Ia1c6a9ef3f0c1d84b2be8756eb1853ffa0597f8e 2018-09-20 12:07:44 -07:00			`type mediaswcodec, domain;`
			`type mediaswcodec_exec, system_file_type, exec_type, file_type;`

Properly define hal_codec2 and related policies Test: make cts -j123 && cts-tradefed run cts-dev -m \ CtsMediaTestCases --compatibility:module-arg \ CtsMediaTestCases:include-annotation:\ android.platform.test.annotations.RequiresDevice Bug: 131677974 Change-Id: I59c3d225499a8c53c2ed9f3bd677ff3d7423990b 2019-04-30 05:09:28 -07:00			`hal_server_domain(mediaswcodec, hal_codec2)`

			`# mediaswcodec may use an input surface from a different Codec2 service or an`
			`# OMX service`
			`hal_client_domain(mediaswcodec, hal_codec2)`
			`hal_client_domain(mediaswcodec, hal_omx)`
add mediaswcodec service Set up a new service for sw media codec services. Bug: 111407413 Test: cts-tradefed run cts-dev --module CtsMediaTestCases --compatibility:module-arg CtsMediaTestCases:include-annotation:android.platform.test.annotations.RequiresDevice Change-Id: Ia1c6a9ef3f0c1d84b2be8756eb1853ffa0597f8e 2018-09-20 12:07:44 -07:00
			`hal_client_domain(mediaswcodec, hal_allocator)`
			`hal_client_domain(mediaswcodec, hal_graphics_allocator)`

mediaswcodec: Allow getprop for aac drc params Bug: 280783314 Test: adb shell setprop <drc properties> Test: stagefright -a /sdcard/aac.mp4 and check drc params Change-Id: I6ae0b09ecbaa7c52d30e9dcb46cfe36e849bf877 2023-11-06 15:10:09 -08:00			`# get aac_drc_* properties`
			`get_prop(mediaswcodec, aac_drc_prop)`

Properly define hal_codec2 and related policies Test: make cts -j123 && cts-tradefed run cts-dev -m \ CtsMediaTestCases --compatibility:module-arg \ CtsMediaTestCases:include-annotation:\ android.platform.test.annotations.RequiresDevice Bug: 131677974 Change-Id: I59c3d225499a8c53c2ed9f3bd677ff3d7423990b 2019-04-30 05:09:28 -07:00			`crash_dump_fallback(mediaswcodec)`

			`# mediaswcodec_server should never execute any executable without a`
			`# domain transition`
			`neverallow mediaswcodec { file_type fs_type }:file execute_no_trans;`

			`# Media processing code is inherently risky and thus should have limited`
			`# permissions and be isolated from the rest of the system and network.`
			`# Lengthier explanation here:`
			`# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html`
C2 AIDL sepolicy update Bug: 251850069 Test: presubmit Change-Id: Ica39920472de154aa01b8e270297553aedda6782 2023-08-21 18:10:35 -07:00			`neverallow mediaswcodec domain:{ udp_socket rawip_socket } *;`
			neverallow mediaswcodec { domain userdebug_or_eng(`-su') }:tcp_socket *;
Properly define hal_codec2 and related policies Test: make cts -j123 && cts-tradefed run cts-dev -m \ CtsMediaTestCases --compatibility:module-arg \ CtsMediaTestCases:include-annotation:\ android.platform.test.annotations.RequiresDevice Bug: 131677974 Change-Id: I59c3d225499a8c53c2ed9f3bd677ff3d7423990b 2019-04-30 05:09:28 -07:00
Add permissions required for new DMA-BUF heap allocator avc: denied { read } for comm=4E444B204D65646961436F6465635F name="system" dev="tmpfs" ino=379 scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1 avc: denied { open } for comm=4E444B204D65646961436F6465635F path="/dev/dma_heap/system" dev="tmpfs" ino=379 scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1 avc: denied { read } for comm="HwBinder:413_3" name="system" dev="tmpfs" ino=379 scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0 avc: denied { ioctl } for comm=4E444B204D65646961436F6465635F path="/dev/dma_heap/system" dev="tmpfs" ino=379 ioctlcmd=0x4800 scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1 avc: denied { read } for comm=4E444B204D65646961436F6465635F name="system" dev="tmpfs" ino=379 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0 app=com.android.systemui it(0.0:83): avc: denied { read } for comm=4E444B204D65646961436F6465635F name="system" dev="tmpfs" ino=379 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0 app=com.android.systemui Test: video playback without denials with DMA-BUF heaps enabled Bug: 168333162 Change-Id: If936c5561ebf891e4b687a2c18760d16e0d31275 2020-09-11 14:00:59 -07:00			`allow mediaswcodec dmabuf_system_heap_device:chr_file r_file_perms;`
Allow codec2 to allocate from system-secure heap Codec2 clients should have the permission to allocate from the system-secure DMA-BUF heap for secure playback. avc: denied { ioctl } for path="/dev/dma_heap/system-secure" dev="tmpfs" ino=649 ioctlcmd=0x4800 scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file permissive=1 avc: denied { read } for comm=4E444B204D65646961436F6465635F name="system-secure" dev="tmpfs" ino=649 scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file permissive=1 avc: denied { open } for comm=4E444B204D65646961436F6465635F path="/dev/dma_heap/system-secure" dev="tmpfs" ino=649 scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file permissive=1 avc: denied { ioctl } for comm=4E444B204D65646961436F6465635F path="/dev/dma_heap/system-secure" dev="tmpfs" ino=649 ioctlcmd=0x4800 scontext=u:r:system_server:s0 tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file permissive=1 avc: denied { read } for name="system-secure" dev="tmpfs" ino=649 scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file permissive=1 avc: denied { open } for path="/dev/dma_heap/system-secure" dev="tmpfs" ino=649 scontext=u:r:mediaswcodec:s0 tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file permissive=1 avc: denied { read } for comm=4E444B204D65646961436F6465635F name="system-secure" dev="tmpfs" ino=649 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file permissive=1 app=com.android.systemui 0:145): avc: denied { open } for comm=4E444B204D65646961436F6465635F path="/dev/dma_heap/system-secure" dev="tmpfs" ino=649 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file permissive=1 avc: denied { ioctl } for comm=4E444B204D65646961436F6465635F path="/dev/dma_heap/system-secure" dev="tmpfs" ino=649 ioctlcmd=0x4800 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:dmabuf_system_secure_heap_device:s0 tclass=chr_file permissive=1 Bug: 172527615 Test: manual Change-Id: I465e5fcd660bb548e93d683e9d20cace7421ed2d 2021-01-12 12:05:20 -08:00			`allow mediaswcodec dmabuf_system_secure_heap_device:chr_file r_file_perms;`
Adds GPU sepolicy to support devices with DRM gralloc/rendering ... such as Cuttlefish (Cloud Android virtual device) which has a DRM virtio-gpu based gralloc and (sometimes) DRM virtio-gpu based rendering (when forwarding rendering commands to the host machine with Mesa3D in the guest and virglrenderer on the host). After this change is submitted, changes such as aosp/1997572 can be submitted to removed sepolicy that is currently duplicated across device/google/cuttlefish and device/linaro/dragonboard as well. Adds a sysfs_gpu type (existing replicated sysfs_gpu definitions across several devices are removed in the attached topic). The uses of `sysfs_gpu:file` comes from Mesa using libdrm's `drmGetDevices2()` which calls into `drmParsePciDeviceInfo()` to get vendor id, device id, version etc. Bug: b/161819018 Test: launch_cvd Test: launch_cvd --gpu_mode=gfxstream Change-Id: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c Merged-In: I4f7d4b0fb90bfeef72f94396ff0c5fe44d53510c 2022-02-24 10:32:16 -08:00			`allow mediaswcodec gpu_device:chr_file rw_file_perms;`
			`allow mediaswcodec gpu_device:dir r_dir_perms;`