From 7291641803f204f5ba3ebdbe700f9510419810a3 Mon Sep 17 00:00:00 2001 From: Chong Zhang <chz@google.com> Date: Mon, 31 Oct 2016 17:02:32 -0700 Subject: [PATCH] MediaCAS: adding media.cas to service Also allow media.extractor to use media.cas for descrambling. bug: 22804304 Change-Id: Id283b31badecb11011211a776ba9ff5167a9019d --- private/platform_app.te | 1 + private/priv_app.te | 1 + private/service_contexts | 1 + private/system_server.te | 1 + private/untrusted_app_all.te | 1 + private/untrusted_v2_app.te | 1 + public/mediadrmserver.te | 2 ++ public/mediaextractor.te | 1 + public/service.te | 1 + 9 files changed, 10 insertions(+) diff --git a/private/platform_app.te b/private/platform_app.te index dde1c7181..2817e5a47 100644 --- a/private/platform_app.te +++ b/private/platform_app.te @@ -45,6 +45,7 @@ allow platform_app mediametrics_service:service_manager find; allow platform_app mediaextractor_service:service_manager find; allow platform_app mediacodec_service:service_manager find; allow platform_app mediadrmserver_service:service_manager find; +allow platform_app mediacasserver_service:service_manager find; allow platform_app persistent_data_block_service:service_manager find; allow platform_app radio_service:service_manager find; allow platform_app surfaceflinger_service:service_manager find; diff --git a/private/priv_app.te b/private/priv_app.te index dd4ac2ced..76dbb98b1 100644 --- a/private/priv_app.te +++ b/private/priv_app.te @@ -26,6 +26,7 @@ allow priv_app drmserver_service:service_manager find; allow priv_app mediacodec_service:service_manager find; allow priv_app mediametrics_service:service_manager find; allow priv_app mediadrmserver_service:service_manager find; +allow priv_app mediacasserver_service:service_manager find; allow priv_app mediaextractor_service:service_manager find; allow priv_app mediaserver_service:service_manager find; allow priv_app nfc_service:service_manager find; diff --git a/private/service_contexts b/private/service_contexts index 6f467931c..5200b8d18 100644 --- a/private/service_contexts +++ b/private/service_contexts @@ -87,6 +87,7 @@ media.resource_manager u:object_r:mediaserver_service:s0 media.radio u:object_r:audioserver_service:s0 media.sound_trigger_hw u:object_r:audioserver_service:s0 media.drm u:object_r:mediadrmserver_service:s0 +media.cas u:object_r:mediacasserver_service:s0 media_projection u:object_r:media_projection_service:s0 media_resource_monitor u:object_r:media_session_service:s0 media_router u:object_r:media_router_service:s0 diff --git a/private/system_server.te b/private/system_server.te index f16cd2d5d..0ad5d9939 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -511,6 +511,7 @@ allow system_server mediametrics_service:service_manager find; allow system_server mediaextractor_service:service_manager find; allow system_server mediacodec_service:service_manager find; allow system_server mediadrmserver_service:service_manager find; +allow system_server mediacasserver_service:service_manager find; allow system_server netd_service:service_manager find; allow system_server nfc_service:service_manager find; allow system_server radio_service:service_manager find; diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te index 0315252b9..edd1f93a0 100644 --- a/private/untrusted_app_all.te +++ b/private/untrusted_app_all.te @@ -66,6 +66,7 @@ allow untrusted_app_all mediaextractor_service:service_manager find; allow untrusted_app_all mediacodec_service:service_manager find; allow untrusted_app_all mediametrics_service:service_manager find; allow untrusted_app_all mediadrmserver_service:service_manager find; +allow untrusted_app_all mediacasserver_service:service_manager find; allow untrusted_app_all nfc_service:service_manager find; allow untrusted_app_all radio_service:service_manager find; allow untrusted_app_all surfaceflinger_service:service_manager find; diff --git a/private/untrusted_v2_app.te b/private/untrusted_v2_app.te index df37fdda3..e51170915 100644 --- a/private/untrusted_v2_app.te +++ b/private/untrusted_v2_app.te @@ -29,6 +29,7 @@ allow untrusted_v2_app mediaextractor_service:service_manager find; allow untrusted_v2_app mediacodec_service:service_manager find; allow untrusted_v2_app mediametrics_service:service_manager find; allow untrusted_v2_app mediadrmserver_service:service_manager find; +allow untrusted_v2_app mediacasserver_service:service_manager find; allow untrusted_v2_app nfc_service:service_manager find; allow untrusted_v2_app radio_service:service_manager find; allow untrusted_v2_app surfaceflinger_service:service_manager find; diff --git a/public/mediadrmserver.te b/public/mediadrmserver.te index 9eb597c07..94ff76f7a 100644 --- a/public/mediadrmserver.te +++ b/public/mediadrmserver.te @@ -17,6 +17,8 @@ allow mediadrmserver mediametrics_service:service_manager find; allow mediadrmserver processinfo_service:service_manager find; allow mediadrmserver surfaceflinger_service:service_manager find; +add_service(mediadrmserver, mediacasserver_service) + ### ### neverallow rules ### diff --git a/public/mediaextractor.te b/public/mediaextractor.te index dc7c90e0a..43d511c18 100644 --- a/public/mediaextractor.te +++ b/public/mediaextractor.te @@ -11,6 +11,7 @@ binder_service(mediaextractor) add_service(mediaextractor, mediaextractor_service) allow mediaextractor mediametrics_service:service_manager find; +allow mediaextractor mediacasserver_service:service_manager find; allow mediaextractor system_server:fd use; diff --git a/public/service.te b/public/service.te index c8cd4de18..e96841dec 100644 --- a/public/service.te +++ b/public/service.te @@ -18,6 +18,7 @@ type mediametrics_service, service_manager_type; type mediaextractor_service, service_manager_type; type mediacodec_service, service_manager_type; type mediadrmserver_service, service_manager_type; +type mediacasserver_service, service_manager_type; type netd_service, service_manager_type; type nfc_service, service_manager_type; type radio_service, service_manager_type; -- GitLab