Merge "mediacodec: grant access to surfaceflinger" into nyc-dev
diff --git a/Android.mk b/Android.mk
index cfbb945..0bfa54d 100644
--- a/Android.mk
+++ b/Android.mk
@@ -98,10 +98,19 @@
-s $^ > $@
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
-$(LOCAL_BUILT_MODULE): $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
+$(LOCAL_BUILT_MODULE): $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy $(HOST_OUT_EXECUTABLES)/sepolicy-analyze
@mkdir -p $(dir $@)
- $(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $<
+ $(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@.tmp $<
$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $(dir $<)/$(notdir $@).dontaudit $<.dontaudit
+ $(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
+ $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
+ echo "==========" 1>&2; \
+ echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
+ echo "List of invalid domains:" 1>&2; \
+ cat $@.permissivedomains 1>&2; \
+ exit 1; \
+ fi
+ $(hide) mv $@.tmp $@
built_sepolicy := $(LOCAL_BUILT_MODULE)
sepolicy_policy.conf :=
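Review bot: The new gate `if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]` joins two tests with `-a`, which POSIX marks obsolescent, and it leaves the file path unquoted; `if [ "$(TARGET_BUILD_VARIANT)" = "user" ] && [ -s "$@.permissivedomains" ]; then \` is the unambiguous form. The same line appears in the recovery policy rule in the next hunk. Compiling to `$@.tmp` and moving it into place only after the check is what keeps a rejected policy from becoming an up-to-date target, and that intent deserves a short comment above the rule, for example `# Build to $@.tmp so a policy that fails the permissive check never becomes $@`. The `.dontaudit` policy is still written directly and is not analyzed; that is presumably acceptable because it is compiled from the same policy.conf, but it is worth confirming.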
@@ -127,9 +136,18 @@
-D target_recovery=true \
-s $^ > $@
-$(LOCAL_BUILT_MODULE): $(sepolicy_policy_recovery.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy
+$(LOCAL_BUILT_MODULE): $(sepolicy_policy_recovery.conf) $(HOST_OUT_EXECUTABLES)/checkpolicy $(HOST_OUT_EXECUTABLES)/sepolicy-analyze
@mkdir -p $(dir $@)
- $(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@ $<
+ $(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@.tmp $<
+ $(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
+ $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
+ echo "==========" 1>&2; \
+ echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
+ echo "List of invalid domains:" 1>&2; \
+ cat $@.permissivedomains 1>&2; \
+ exit 1; \
+ fi
+ $(hide) mv $@.tmp $@
built_sepolicy_recovery := $(LOCAL_BUILT_MODULE)
sepolicy_policy_recovery.conf :=
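Review bot: The permissive-domain gate added to this recipe is a line-for-line copy of the one added to the main sepolicy rule in the previous hunk. If one copy is later edited and the other is not, the recovery policy (or the main one) could pass a user build unchecked. Consider moving the `sepolicy-analyze` call, the `if` block and the final `mv $@.tmp $@` into a single canned recipe (`define … endef`) that relies on `$@`, and invoking it from both rules.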
diff --git a/cameraserver.te b/cameraserver.te
index 68b1f0f..6520969 100644
--- a/cameraserver.te
+++ b/cameraserver.te
@@ -2,10 +2,6 @@
type cameraserver, domain;
type cameraserver_exec, exec_type, file_type;
-# STOPSHIP. cameraserver into permissive mode to collect denials from
-# droidfooders
-permissive cameraserver;
-
init_daemon_domain(cameraserver)
binder_use(cameraserver)
diff --git a/mediadrmserver.te b/mediadrmserver.te
index bd2264d..8b4f073 100644
--- a/mediadrmserver.te
+++ b/mediadrmserver.te
@@ -36,6 +36,7 @@
# Allow access to app_data and media_data_files
allow mediadrmserver media_data_file:dir create_dir_perms;
allow mediadrmserver media_data_file:file create_file_perms;
+allow mediadrmserver media_data_file:file { getattr read };
allow mediadrmserver tee_device:chr_file rw_file_perms;
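Review bot: The added `allow mediadrmserver media_data_file:file { getattr read };` looks redundant with the rule directly above it, which already grants `create_file_perms` on the same type and class. In the standard AOSP macro definitions (not shown on this page) that set includes `getattr` and `read`. If the intent is to narrow mediadrmserver to reading already-opened descriptors, the broader `create_file_perms` line is what needs to be removed. Otherwise the new line can be dropped, or given a comment stating what it is for, such as `# read-only access to files passed in by fd`, if that is the case.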