From c56f00c519b2d4792b40e470b1ebb5141df62b74 Mon Sep 17 00:00:00 2001
From: "Yang, Dong"
Date: Fri, 17 Sep 2021 09:14:57 +0800
Subject: [PATCH] enable virtio-video driver on Android T add sepolicy rule for v4l2-codec2 plugin Correct the compile error for R_stable cgroup_bpf must be used in Android R cgroup_v2 is only for Android S add 2 rules for mediacodec Follow Guide to config service
Tracked-On: OAM-104252
Signed-off-by: ji, zhenlong z
Signed-off-by: Yang, Dong
Signed-off-by: Shaofeng Tang
---
codecs/v4l2-codec2/file_contexts | 2 ++
codecs/v4l2-codec2/media_c2_v4l2_hal.te | 34 +++++++++++++++++++++++++
codecs/v4l2-codec2/mediaswcodec.te | 2 ++
3 files changed, 38 insertions(+)
create mode 100644 codecs/v4l2-codec2/file_contexts
create mode 100644 codecs/v4l2-codec2/media_c2_v4l2_hal.te
create mode 100644 codecs/v4l2-codec2/mediaswcodec.te
diff --git a/codecs/v4l2-codec2/file_contexts b/codecs/v4l2-codec2/file_contexts
new file mode 100644
index 00000000..afdc283f
--- /dev/null
+++ b/codecs/v4l2-codec2/file_contexts
@@ -0,0 +1,2 @@
+/vendor/bin/hw/android\.hardware\.media\.c2@1\.0-service-v4l2(.*)? u:object_r:media_c2_v4l2_hal_exec:s0
+/dev/video[0-9] u:object_r:video_device:s0
diff --git a/codecs/v4l2-codec2/media_c2_v4l2_hal.te b/codecs/v4l2-codec2/media_c2_v4l2_hal.te
new file mode 100644
index 00000000..dbdf05ef
--- /dev/null
+++ b/codecs/v4l2-codec2/media_c2_v4l2_hal.te
@@ -0,0 +1,34 @@
+type media_c2_v4l2_hal, domain;
+
+type media_c2_v4l2_hal_exec, exec_type, file_type, vendor_file_type;
+init_daemon_domain(media_c2_v4l2_hal)
+
+vndbinder_use(media_c2_v4l2_hal)
+hal_client_domain(media_c2_v4l2_hal, hal_codec2)
+hal_server_domain(media_c2_v4l2_hal, hal_codec2)
+
+#allow media_c2_v4l2_hal hwservicemanager_prop:file { open read getattr map };
+get_prop(media_c2_v4l2_hal, hwservicemanager_prop)
+
+allow media_c2_v4l2_hal hwservicemanager:binder call;
+allow media_c2_v4l2_hal tombstoned_crash_socket:sock_file write;
+allow media_c2_v4l2_hal hal_codec2_hwservice:hwservice_manager { find add };
+
+allow media_c2_v4l2_hal hidl_base_hwservice:hwservice_manager add;
+
+#allow media_c2_v4l2_hal mediaserver:binder transfer;
+#allow mediaserver media_c2_v4l2_hal:binder call;
+binder_call(media_c2_v4l2_hal, mediaserver)
+binder_call(mediaserver, media_c2_v4l2_hal)
+
+allow media_c2_v4l2_hal cgroup_v2:dir search;
+allow media_c2_v4l2_hal video_device:chr_file { open read write ioctl };
+
+allow media_c2_v4l2_hal hal_graphics_mapper_hwservice:hwservice_manager find;
+hal_client_domain(media_c2_v4l2_hal, hal_graphics_allocator)
+
+allow media_c2_v4l2_hal hal_graphics_allocator_default_tmpfs:file { read write map };
+allow media_c2_v4l2_hal gpu_device:dir search;
+allow media_c2_v4l2_hal gpu_device:chr_file { open read write ioctl getattr map};
+
+crash_dump_fallback(media_c2_v4l2_hal)
diff --git a/codecs/v4l2-codec2/mediaswcodec.te b/codecs/v4l2-codec2/mediaswcodec.te
new file mode 100644
index 00000000..0f408ecb
--- /dev/null
+++ b/codecs/v4l2-codec2/mediaswcodec.te
@@ -0,0 +1,2 @@
+#============= mediaswcodec ==============
+allow mediaswcodec gpu_device:chr_file map;
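Review bot: In codecs/v4l2-codec2/media_c2_v4l2_hal.te the `ioctl` permission on `video_device:chr_file` and `gpu_device:chr_file` is granted with no `allowxperm` filter, so a codec domain that handles media data from other processes can issue any ioctl the V4L2 and GPU drivers expose. Restrict it to the commands the plugin actually uses, e.g. `allowxperm media_c2_v4l2_hal video_device:chr_file ioctl { <VIDIOC_* codes the plugin issues> };`, and do the same for `gpu_device` where feasible. The file_contexts entry in this patch gives every `/dev/video[0-9]` node the `video_device` type, so the rule presumably also reaches capture nodes and not only the virtio-video codec node; a dedicated type for the codec device would keep the grant narrow. The explicit `hwservice_manager` rules and `binder_call(mediaserver, media_c2_v4l2_hal)` look like they duplicate what `hal_server_domain(media_c2_v4l2_hal, hal_codec2)` already provides, and together with the commented-out `#allow` lines could be dropped once checked against the platform policy.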
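Review bot: `allow mediaswcodec gpu_device:chr_file map;` in codecs/v4l2-codec2/mediaswcodec.te widens the software-codec sandbox toward the GPU node with no stated reason, and the `#============= mediaswcodec ==============` banner suggests the rule was pasted from audit2allow output. Replace the banner with a comment that records the denial and the reason, e.g. `# mediaswcodec maps graphics buffers backed by the GPU node (denial: <avc log / bug id>)`, and confirm the rule is still required once the v4l2 HAL takes the hardware path. The rule also changes a platform domain from inside the v4l2-codec2 directory, which makes the grant easy to miss in a later audit.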