From eeb0d38037efa311812c3086b3c09ef97e5f95b3 Mon Sep 17 00:00:00 2001
From: Jiwen 'Steve' Cai <jwcai@google.com>
Date: Thu, 9 Mar 2017 18:44:07 -0800
Subject: [PATCH] Allow fd access between mediacodec and bufferhubd

bufferhubd should be able to use sync fence fd from mediacodec; and
mediacodec should be able to use a gralloc buffer fd from the bufferhubd.

Bug: 32213311
Test: Ran exoplayer_demo and verify mediacodec can plumb buffer through
bufferhub.

Change-Id: Id175827c56c33890ecce33865b0b1167d872fc56
---
 public/bufferhubd.te | 6 ++++++
 public/mediacodec.te | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/public/bufferhubd.te b/public/bufferhubd.te
index 95433981e..231443357 100644
--- a/public/bufferhubd.te
+++ b/public/bufferhubd.te
@@ -10,3 +10,9 @@ allow bufferhubd gpu_device:chr_file rw_file_perms;
 
 # Access /dev/ion
 allow bufferhubd ion_device:chr_file r_file_perms;
+
+# Receive sync fence FDs from mediacodec. Note that mediacodec never directly
+# connects to bufferhubd via PDX. Instead, a VR app acts as a bridge between
+# those two: it talks to mediacodec via Binder and talks to bufferhubd via PDX.
+# Thus, there is no need to use use_pdx macro.
+allow bufferhubd mediacodec:fd use;
diff --git a/public/mediacodec.te b/public/mediacodec.te
index 99ebdb1e4..6ab90eb3d 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -26,6 +26,12 @@ hwbinder_use(mediacodec)
 hwallocator_use(mediacodec)
 allow mediacodec system_file:dir { open read };
 
+# Recieve gralloc buffer FDs from bufferhubd. Note that mediacodec never
+# directly connects to bufferhubd via PDX. Instead, a VR app acts as a bridge
+# between those two: it talks to mediacodec via Binder and talks to bufferhubd
+# via PDX. Thus, there is no need to use use_pdx macro.
+allow mediacodec bufferhubd:fd use;
+
 ###
 ### neverallow rules
 ###
-- 
GitLab