SELinux policies for PDX services Specify per-service rules for PDX transport. Now being able to grant permissions to individual services provided by processes, not all services of a process. Also tighter control over which permissions are required for client and server for individual components of IPC (endpoints, channels, etc). Bug: 37646189 Change-Id: I78eb8ae8b6e08105666445a66bfcbd2f1d69d0ea

commit: 41daa7f859be06a49e4770a1f1d33b0d3070fa5a [log] [tgz]
author: Alex Vakulenko <avakulenko@google.com> Mon May 01 13:01:44 2017 -0700
committer: Alex Vakulenko <avakulenko@google.com> Wed May 10 16:39:19 2017 -0700
tree: 4649ed117e5ee1391ecc1266ba2b56b9d9eb4fb2
parent: e1074f8bfc1b0cbce831a775161b1fb791bd4079 [diff] [blame]
diff --git a/public/mediacodec.te b/public/mediacodec.te
index 771701c..5ca41fc 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te

@@ -43,7 +43,7 @@
 # Recieve gralloc buffer FDs from bufferhubd. Note that mediacodec never
 # directly connects to bufferhubd via PDX. Instead, a VR app acts as a bridge
 # between those two: it talks to mediacodec via Binder and talks to bufferhubd
-# via PDX. Thus, there is no need to use use_pdx macro.
+# via PDX. Thus, there is no need to use pdx_client macro.
 allow mediacodec bufferhubd:fd use;
 
 ###
commit	41daa7f859be06a49e4770a1f1d33b0d3070fa5a	[log] [tgz]
author	Alex Vakulenko <avakulenko@google.com>	Mon May 01 13:01:44 2017 -0700
committer	Alex Vakulenko <avakulenko@google.com>	Wed May 10 16:39:19 2017 -0700
tree	4649ed117e5ee1391ecc1266ba2b56b9d9eb4fb2
parent	e1074f8bfc1b0cbce831a775161b1fb791bd4079 [diff] [blame]