- Apr 03, 2017
-
-
Alex Klyubin authoredThe tee domain is a vendor domain. Thus it cannot be accessed by non-vendor components over Unix domain sockets. It appears that the rules granting this access are not needed. Test: Flash a clean build with this change. Confirm that bullhead, angler, sailfish, ryu, boot without new denials. Confirm that YouTube, Netflix, Google Play Movies play back videos without new denials. Bug: 36714625 Bug: 36715266 Change-Id: I639cecd07c9a3cfb257e62622b51b7823613472a
-
- Feb 17, 2017
-
-
Alex Klyubin authored
This switches DRM HAL policy to the design which enables us to conditionally remove unnecessary rules from domains which are clients of DRM HAL. Domains which are clients of DRM HAL, such as mediadrmserver domain, are granted rules targeting hal_drm only when the DRM HAL runs in passthrough mode (i.e., inside the client's process). When the HAL runs in binderized mode (i.e., in another process/domain, with clients talking to the HAL over HwBinder IPC), rules targeting hal_drm are not granted to client domains. Domains which offer a binderized implementation of DRM HAL, such as hal_drm_default domain, are always granted rules targeting hal_drm. Test: Play movie using Google Play Movies Test: Play movie using Netflix Bug: 34170079 Change-Id: I3ab0e84818ccd61e54b90f7ade3509b7dbf86fb9
-
- Jan 25, 2017
-
-
Jeff Tinker authored
bug:32815560 Change-Id: I494141b47fcd2e7e0cc02aa58d8df9a222060b3f
-