| commit | 59f649f16566b85ba57307888fdf78e6af3e34a1 | [log] [tgz] |
|---|---|---|
| author | Parag Mehendale <pmehendale@nvidia.com> | Wed Apr 20 01:09:05 2016 -0700 |
| committer | Mark Salyzyn <salyzyn@google.com> | Fri May 20 07:25:54 2016 -0700 |
| tree | 1444affeb979b0c7676782157aa981691239ec47 | |
| parent | 44670b3920c87cc3c0391febe39fb14f9d4b4b00 [diff] |
Selinux-MediaDRM server : Reduce permissions as /dev/nvmap is not used Moved from using nvmap shared buffers to ash_mem as selinux permissions on /dev/nvmap (a.k.a gpu_device) will defeat the purpose of mediaserver & mediaDrmServer split from a security point of view. This needs to be merged after :Omx & oemcrypto changes. https://partner-android-review.googlesource.com/#/c/591874/ https://partner-android-review.googlesource.com/#/c/591667/ Signed-off-by: Parag Mehendale <pmehendale@nvidia.com> Bug: 26780693 Change-Id: Ic4cbef72923ba95b3b4749336b9812e28dccc8c0
diff --git a/sepolicy/mediadrmserver.te b/sepolicy/mediadrmserver.te index 4c594ee..cd402d4 100644 --- a/sepolicy/mediadrmserver.te +++ b/sepolicy/mediadrmserver.te
@@ -1,2 +1 @@ allow mediadrmserver video_device:chr_file rw_file_perms; -allow mediadrmserver gpu_device:chr_file rw_file_perms;