mediaswcodec: Fix non-fatal selinux and seccomp policy denials
cherry-picked from https://android-review.googlesource.com/c/1238348
Fix non-fatal mediaswcodec selinux and seccomp denials.
mediaswcodec needs gpu access, and it also crashes with the
following seccomp error during youtube playback:
E media.swcodec: libminijail[2139]: blocked syscall: sysinfo
So whitelist sysinfo syscall for mediaswcodec.
Change-Id: I11db36aeda475c4ca73121efb8b2bfd3d7590be0
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Amit Pundir <pundiramit@gmail.com>
diff --git a/device-common.mk b/device-common.mk
index 15f8858..1d955b0 100644
--- a/device-common.mk
+++ b/device-common.mk
@@ -126,6 +126,9 @@
frameworks/av/media/libstagefright/data/media_codecs_google_video.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_google_video.xml \
frameworks/av/media/libstagefright/data/media_codecs_google_audio.xml:$(TARGET_COPY_OUT_VENDOR)/etc/media_codecs_google_audio.xml
+PRODUCT_COPY_FILES += \
+ $(LOCAL_PATH)/seccomp_policy/mediaswcodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaswcodec.policy
+
# Memtrack
PRODUCT_PACKAGES += \
memtrack.default \
diff --git a/seccomp_policy/mediaswcodec.policy b/seccomp_policy/mediaswcodec.policy
new file mode 100644
index 0000000..4c148fb
--- /dev/null
+++ b/seccomp_policy/mediaswcodec.policy
@@ -0,0 +1,3 @@
+# device specific syscalls
+# extension of frameworks/av/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
+sysinfo: 1
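Review bot: The `sysinfo: 1` rule is added without recording which code path in mediaswcodec issues the call; the header comment only says "device specific syscalls". sysinfo takes a single output pointer, so an unconditional allow is the only practical form, but it exposes uptime, load and memory totals to a process that parses untrusted media, so the justification belongs next to the rule. I would add a comment such as `# sysinfo: libminijail "blocked syscall: sysinfo" during YouTube playback; caller not yet identified`. The header also names the arm64 base policy while device-common.mk installs this file unconditionally, so it is worth confirming that no 32-bit mediaswcodec variant picks it up.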
diff --git a/sepolicy/mediaswcodec.te b/sepolicy/mediaswcodec.te
new file mode 100644
index 0000000..ff9c5b5
--- /dev/null
+++ b/sepolicy/mediaswcodec.te
@@ -0,0 +1 @@
+gpu_access(mediaswcodec)
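Review bot: `gpu_access(mediaswcodec)` grants the whole macro to the software-codec domain, and neither this file nor the commit message shows the avc denial that motivated it. The macro's definition is outside this diff, but it presumably opens the GPU device node(s) to a sandbox whose job is decoding untrusted media, which widens the kernel driver surface reachable from that sandbox. I would either narrow the rule to the class/permission pairs from the logged denial, or keep the macro and add a comment like `# avc: denied { <perms from log> } for mediaswcodec on <gpu device type> during playback` so the grant can be audited and dropped later.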