sepolicy: address mediacodec denials

author Stricted <info@stricted.net>

Wed, 2 May 2018 00:22:36 +0000 (02:22 +0200)

committer Stricted <info@stricted.net>

Wed, 2 May 2018 00:22:36 +0000 (02:22 +0200)
author Stricted <info@stricted.net>
Wed, 2 May 2018 00:22:36 +0000 (02:22 +0200)
committer Stricted <info@stricted.net>
Wed, 2 May 2018 00:22:36 +0000 (02:22 +0200)
diff --git a/sepolicy/mediacodec.te b/sepolicy/mediacodec.te

new file mode 100644 (file)

index 0000000..55487bd
--- /dev/null
+++ b/sepolicy/mediacodec.te
@@ -0,0 +1,23 @@
+# nvram
+allow mediacodec nvdata_file:dir rw_dir_perms;
+allow mediacodec nvdata_file:file create_file_perms;
+allow mediacodec ccci_device:chr_file rw_file_perms;
+
+# video codec
+allow mediacodec Vcodec_device:chr_file rw_file_perms;
+allow mediacodec devmap_device:chr_file r_file_perms;
+allow mediacodec devmap_device:chr_file { ioctl };
+allow mediacodec mtk_smi_device:chr_file { ioctl read open };
+allow mediacodec proc:file { open read ioctl };
+allow mediacodec sysfs:file { open read write };
+allow mediacodec sysfs_devinfo:file { open read write };
+allow mediacodec proc_meminfo:file { open read getattr };
+
+allow mediacodec property_socket:sock_file write;
+allow mediacodec init:unix_stream_socket connectto;
+
+# M4U
+allow mediacodec M4U_device_device:chr_file rw_file_perms;
+
+# PQ
+allow mediacodec pq_service:service_manager find;
author	Stricted <info@stricted.net>
	Wed, 2 May 2018 00:22:36 +0000 (02:22 +0200)
committer	Stricted <info@stricted.net>
	Wed, 2 May 2018 00:22:36 +0000 (02:22 +0200)