From 44df5b943291d9f07975656968716accbb590dfb Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Fri, 24 Mar 2017 17:22:17 -0700
Subject: [PATCH] mediacodec violates "no Binder in vendor" rule

This adds mediacodec to the list of temporary exemptions from the "no
Binder in vendor" rule.

Test: mmm system/sepolicy
Bug: 35870313
Change-Id: I0f00d4bfb90d6da45ae2fed65864bb8fb0a4e78e
---
 public/mediacodec.te | 2 ++
 vendor/hal_omx.te    | 2 --
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/public/mediacodec.te b/public/mediacodec.te
index 469c8bab5..ecbe2802c 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -13,6 +13,8 @@ binder_call(mediacodec, binderservicedomain)
 binder_call(mediacodec, appdomain)
 binder_service(mediacodec)
 
+# TODO(b/36604251): Remove this once OMX HAL stops using Binder
+typeattribute mediacodec binder_in_vendor_violators;
 add_service(mediacodec, mediacodec_service)
 allow mediacodec mediametrics_service:service_manager find;
 allow mediacodec surfaceflinger_service:service_manager find;
diff --git a/vendor/hal_omx.te b/vendor/hal_omx.te
index ff290bc41..fdb4aca59 100644
--- a/vendor/hal_omx.te
+++ b/vendor/hal_omx.te
@@ -1,3 +1 @@
-typeattribute mediacodec coredomain;
-
 init_daemon_domain(mediacodec)
-- 
GitLab