MediaCAS: adding media.cas to service Also allow media.extractor to use media.cas for descrambling. bug: 22804304 Change-Id: Id283b31badecb11011211a776ba9ff5167a9019d

commit: 7291641803f204f5ba3ebdbe700f9510419810a3 [log] [tgz]
author: Chong Zhang <chz@google.com> Mon Oct 31 17:02:32 2016 -0700
committer: Chong Zhang <chz@google.com> Tue Feb 28 12:31:45 2017 -0800
tree: 694834db0981c2cbd38cf0c5910389d80cc64a28
parent: 34ab219f3f9ed6489ee1380b3727e0bc07a1ddf0 [diff]
diff --git a/private/platform_app.te b/private/platform_app.te
index dde1c71..2817e5a 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te

@@ -45,6 +45,7 @@
 allow platform_app mediaextractor_service:service_manager find;
 allow platform_app mediacodec_service:service_manager find;
 allow platform_app mediadrmserver_service:service_manager find;
+allow platform_app mediacasserver_service:service_manager find;
 allow platform_app persistent_data_block_service:service_manager find;
 allow platform_app radio_service:service_manager find;
 allow platform_app surfaceflinger_service:service_manager find;

diff --git a/private/priv_app.te b/private/priv_app.te
index dd4ac2c..76dbb98 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te

@@ -26,6 +26,7 @@
 allow priv_app mediacodec_service:service_manager find;
 allow priv_app mediametrics_service:service_manager find;
 allow priv_app mediadrmserver_service:service_manager find;
+allow priv_app mediacasserver_service:service_manager find;
 allow priv_app mediaextractor_service:service_manager find;
 allow priv_app mediaserver_service:service_manager find;
 allow priv_app nfc_service:service_manager find;

diff --git a/private/service_contexts b/private/service_contexts
index 6f46793..5200b8d 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -87,6 +87,7 @@
 media.radio                               u:object_r:audioserver_service:s0
 media.sound_trigger_hw                    u:object_r:audioserver_service:s0
 media.drm                                 u:object_r:mediadrmserver_service:s0
+media.cas                                 u:object_r:mediacasserver_service:s0
 media_projection                          u:object_r:media_projection_service:s0
 media_resource_monitor                    u:object_r:media_session_service:s0
 media_router                              u:object_r:media_router_service:s0

diff --git a/private/system_server.te b/private/system_server.te
index f16cd2d..0ad5d99 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -511,6 +511,7 @@
 allow system_server mediaextractor_service:service_manager find;
 allow system_server mediacodec_service:service_manager find;
 allow system_server mediadrmserver_service:service_manager find;
+allow system_server mediacasserver_service:service_manager find;
 allow system_server netd_service:service_manager find;
 allow system_server nfc_service:service_manager find;
 allow system_server radio_service:service_manager find;

diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 0315252..edd1f93 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te

@@ -66,6 +66,7 @@
 allow untrusted_app_all mediacodec_service:service_manager find;
 allow untrusted_app_all mediametrics_service:service_manager find;
 allow untrusted_app_all mediadrmserver_service:service_manager find;
+allow untrusted_app_all mediacasserver_service:service_manager find;
 allow untrusted_app_all nfc_service:service_manager find;
 allow untrusted_app_all radio_service:service_manager find;
 allow untrusted_app_all surfaceflinger_service:service_manager find;

diff --git a/private/untrusted_v2_app.te b/private/untrusted_v2_app.te
index df37fdd..e511709 100644
--- a/private/untrusted_v2_app.te
+++ b/private/untrusted_v2_app.te

@@ -29,6 +29,7 @@
 allow untrusted_v2_app mediacodec_service:service_manager find;
 allow untrusted_v2_app mediametrics_service:service_manager find;
 allow untrusted_v2_app mediadrmserver_service:service_manager find;
+allow untrusted_v2_app mediacasserver_service:service_manager find;
 allow untrusted_v2_app nfc_service:service_manager find;
 allow untrusted_v2_app radio_service:service_manager find;
 allow untrusted_v2_app surfaceflinger_service:service_manager find;

diff --git a/public/mediadrmserver.te b/public/mediadrmserver.te
index 9eb597c..94ff76f 100644
--- a/public/mediadrmserver.te
+++ b/public/mediadrmserver.te

@@ -17,6 +17,8 @@
 allow mediadrmserver processinfo_service:service_manager find;
 allow mediadrmserver surfaceflinger_service:service_manager find;
 
+add_service(mediadrmserver, mediacasserver_service)
+
 ###
 ### neverallow rules
 ###

diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index dc7c90e..43d511c 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te

@@ -11,6 +11,7 @@
 
 add_service(mediaextractor, mediaextractor_service)
 allow mediaextractor mediametrics_service:service_manager find;
+allow mediaextractor mediacasserver_service:service_manager find;
 
 allow mediaextractor system_server:fd use;
 

diff --git a/public/service.te b/public/service.te
index c8cd4de..e96841d 100644
--- a/public/service.te
+++ b/public/service.te

@@ -18,6 +18,7 @@
 type mediaextractor_service,    service_manager_type;
 type mediacodec_service,        service_manager_type;
 type mediadrmserver_service,    service_manager_type;
+type mediacasserver_service,    service_manager_type;
 type netd_service,              service_manager_type;
 type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;
commit	7291641803f204f5ba3ebdbe700f9510419810a3	[log] [tgz]
author	Chong Zhang <chz@google.com>	Mon Oct 31 17:02:32 2016 -0700
committer	Chong Zhang <chz@google.com>	Tue Feb 28 12:31:45 2017 -0800
tree	694834db0981c2cbd38cf0c5910389d80cc64a28
parent	34ab219f3f9ed6489ee1380b3727e0bc07a1ddf0 [diff]