Add policies for hal_codec2 Allow hal_codec2_server to read fifo_file from hal_codec2_client Allow hal_codec2_client to find surfaceflinger_service:service_manager. Bug: 337356582 Test: atest CtsMediaTranscodingTestCases Change-Id: I76b2ca7d3caf7909d9d6df424eb5f68b1a0a6f03

commit: 8eed41c1aa5c1fb3c2d5a1b5eacf9ea4f751675d [log] [tgz]
author: Sungtak Lee <taklee@google.com> Tue Apr 30 22:48:32 2024 +0000
committer: Sungtak Lee <taklee@google.com> Thu May 02 08:22:57 2024 +0000
tree: f7e8ab1534641e86993f7c676a89803da5a703b2
parent: 77a8ac9ab4a980d6c4759dc784ab8ea51a0e29da [diff]
diff --git a/private/hal_codec2.te b/private/hal_codec2.te
index 0bdcc23..df36ff8 100644
--- a/private/hal_codec2.te
+++ b/private/hal_codec2.te

@@ -26,7 +26,9 @@
 
 allow hal_codec2_client ion_device:chr_file r_file_perms;
 
+allow { hal_codec2_client -isolated_app_all } surfaceflinger_service:service_manager find;
+
 # codec2 aidl graphic buffer allocation waitable object
 allow hal_codec2_server su:fifo_file read;
-allow hal_codec2_server mediaserver:fifo_file read;
+allow hal_codec2_server hal_codec2_client:fifo_file read;
 allow hal_codec2_server { appdomain -isolated_app_all }:fifo_file read;
commit	8eed41c1aa5c1fb3c2d5a1b5eacf9ea4f751675d	[log] [tgz]
author	Sungtak Lee <taklee@google.com>	Tue Apr 30 22:48:32 2024 +0000
committer	Sungtak Lee <taklee@google.com>	Thu May 02 08:22:57 2024 +0000
tree	f7e8ab1534641e86993f7c676a89803da5a703b2
parent	77a8ac9ab4a980d6c4759dc784ab8ea51a0e29da [diff]