memfd: port patches from d/l/dragonboard
This ports and squashes the following changes to enable memfd now that
ashmem has been dropped from mainline.
https://android-review.googlesource.com/c/device/linaro/dragonboard/+/2051082
https://android-review.googlesource.com/c/device/linaro/dragonboard/+/2051081
diff --git a/device-common.mk b/device-common.mk
index b015079..9bb31b9 100644
--- a/device-common.mk
+++ b/device-common.mk
@@ -156,7 +156,8 @@
PRODUCT_COPY_FILES += \
$(LOCAL_PATH)/seccomp_policy/mediaswcodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediacodec.policy \
- $(LOCAL_PATH)/seccomp_policy/mediaswcodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaswcodec.policy
+ $(LOCAL_PATH)/seccomp_policy/mediaswcodec.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaswcodec.policy \
+ $(LOCAL_PATH)/seccomp_policy/mediaextractor.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaextractor.policy \
# Copy hardware config file(s)
PRODUCT_COPY_FILES += \
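Review bot: The added `mediaextractor.policy` entry is the last item in the list but still ends with a line-continuation `\`, so the assignment is left open and the next physical line is joined to it. Today that line appears to be blank or the `# Copy hardware config file(s)` comment, which is harmless. It is fragile, though: if that line is ever removed, the following `PRODUCT_COPY_FILES += \` is absorbed into this list as words. Drop the trailing backslash so the last entry reads `$(LOCAL_PATH)/seccomp_policy/mediaextractor.policy:$(TARGET_COPY_OUT_VENDOR)/etc/seccomp_policy/mediaextractor.policy`. The assignment that follows the comment continues outside the hunk.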
diff --git a/seccomp_policy/mediaextractor.policy b/seccomp_policy/mediaextractor.policy
new file mode 100644
index 0000000..cf7e427
--- /dev/null
+++ b/seccomp_policy/mediaextractor.policy
@@ -0,0 +1,5 @@
+# device specific syscalls
+# extension of frameworks/av/services/mediaextractor/seccomp_policy/mediaextractor-arm64.policy
+uname: 1
+memfd_create: 1
+ftruncate: 1
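Review bot: None of the three syscalls allowed in the new mediaextractor.policy states why it is needed, and `uname: 1` (also added to mediaswcodec.policy in the next hunk) is not obviously tied to memfd by the commit message. mediaextractor parses untrusted media, so every widening of its seccomp filter should name the code path that requires it. I would put a comment above each entry, for example `# memfd_create, ftruncate: shared-memory allocation via memfd now that ashmem is gone` and `# uname: <caller that needs it, to be confirmed>`. If the base arm64 policy this file extends already allows `ftruncate`, that line may be redundant; this cannot be checked from the hunk.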
diff --git a/seccomp_policy/mediaswcodec.policy b/seccomp_policy/mediaswcodec.policy
index 4c148fb..8b1f97b 100644
--- a/seccomp_policy/mediaswcodec.policy
+++ b/seccomp_policy/mediaswcodec.policy
@@ -1,3 +1,4 @@
# device specific syscalls
# extension of frameworks/av/services/mediacodec/seccomp_policy/mediaswcodec-arm64.policy
sysinfo: 1
+uname: 1
diff --git a/sepolicy/memfd.te b/sepolicy/memfd.te
new file mode 100644
index 0000000..be64644
--- /dev/null
+++ b/sepolicy/memfd.te
@@ -0,0 +1,28 @@
+# audit2allow
+
+#============= audioserver ==============
+allow audioserver system_server_tmpfs:file { map read write };
+allow audioserver tmpfs:file { map read write };
+
+#============= hal_audio_default ==============
+allow hal_audio_default tmpfs:file { getattr map read write };
+
+#============= mediaextractor ==============
+allow mediaextractor logd:unix_stream_socket connectto;
+allow mediaextractor logdr_socket:sock_file write;
+
+#============= mediaserver ==============
+allow mediaserver audioserver_tmpfs:file { map read write };
+allow mediaserver tmpfs:file { map read write };
+
+#============= mediaswcodec ==============
+allow mediaswcodec appdomain_tmpfs:file { map read write };
+allow mediaswcodec logd:unix_stream_socket connectto;
+allow mediaswcodec logdr_socket:sock_file write;
+allow mediaswcodec mediaserver_tmpfs:file { map read write };
+allow mediaswcodec system_server_tmpfs:file { map read write };
+allow mediaswcodec tmpfs:file { getattr map read write };
+
+#============= system_server ==============
+allow system_server audioserver_tmpfs:file { map read write };
+allow system_server tmpfs:file { map read write };
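Review bot: These rules are unreviewed audit2allow output, and those on the generic `tmpfs` type (audioserver, hal_audio_default, mediaserver, mediaswcodec, system_server) grant map/read/write on any file carrying that label rather than on one owner's memfd. A generic `tmpfs` label usually means the creating domain has no type transition for its tmpfs files, so the narrower fix is presumably to label at the creator and allow the specific `<domain>_tmpfs` type, as the `audioserver_tmpfs` and `mediaserver_tmpfs` lines here already do. The `logd:unix_stream_socket connectto` and `logdr_socket:sock_file write` pairs for mediaextractor and mediaswcodec grant access to the log-reader socket and look unrelated to memfd; drop them or justify them in a comment. At minimum, replace `# audit2allow` with a header naming the denial each group resolves, so the grants can be re-audited later.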