commit 1134bd001e51f0fb43bae24b32d03a3067bb5acc
author Dongwon Kang <dwkang@google.com> Mon Nov 06 11:19:07 2017 -0800
committer Dongwon Kang <dwkang@google.com> Tue Jan 23 11:21:11 2018 -0800
tree 9d627860284bc51b8de4043d9c1d1584a3abe40e
parent e2f4140ceff2b417ac85fb09e452a9f7dbb8cf5a

Allow mediaextractor to load libraries from apk_data_file

This is an experimental feature only on userdebug and eng build.

Test: play MP4 file. install & uninstall media update apk.
Bug: 67908547
Change-Id: I513cdbfda962f00079e886b7a42f9928e81f6474

private/app_neverallows.te

diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 05ef5ed..cf9d0d3 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -243,3 +243,6 @@
     -untrusted_app_visible_halserver
   }:binder { call transfer };
 ')
+
+# Untrusted apps are not allowed to find mediaextractor update service.
+neverallow all_untrusted_apps mediaextractor_update_service:service_manager find;

private/compat/26.0/26.0.ignore.cil

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index f6889ae..3a906e9 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -52,6 +52,7 @@
     lowpan_device
     lowpan_prop
     lowpan_service
+    mediaextractor_update_service
     mediaprovider_tmpfs
     netd_stable_secret_prop
     network_watchlist_data_file

private/service_contexts

diff --git a/private/service_contexts b/private/service_contexts
index c1ea51a..373c7cc 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -88,6 +88,7 @@
 media.player                              u:object_r:mediaserver_service:s0
 media.metrics                             u:object_r:mediametrics_service:s0
 media.extractor                           u:object_r:mediaextractor_service:s0
+media.extractor.update                    u:object_r:mediaextractor_update_service:s0
 media.codec                               u:object_r:mediacodec_service:s0
 media.resource_manager                    u:object_r:mediaserver_service:s0
 media.sound_trigger_hw                    u:object_r:audioserver_service:s0

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 035e8f1..6ebcab5 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -746,6 +746,11 @@
 allow system_server user_profile_data_file:dir { search };
 allow system_server user_profile_data_file:file { getattr open read };
 
+userdebug_or_eng(`
+  # Allow system server to notify mediaextractor of the plugin update.
+  allow system_server mediaextractor_update_service:service_manager find;
+')
+
 ###
 ### Neverallow rules
 ###