Define a new selinux label for DMABUF system heap
Define the label dmabuf_system_heap_device for /dev/dma_heap/system.
This the default DMA-BUF heap that Codec2 will use one ION is
deprecated.
Test: video playback without denials with DMA-BUF heaps enabled
Bug: 168333162
Change-Id: Ief48165cd804bde00e1881a693b5eb44a45b633b
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index d05cc4d..57bc743 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -9,6 +9,7 @@
apex_info_file
cgroup_v2
debugfs_kprobes
+ dmabuf_system_heap_device
gki_apex_prepostinstall
gki_apex_prepostinstall_exec
hal_fingerprint_service
diff --git a/private/file_contexts b/private/file_contexts
index 8fa09bb..6a9507a 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -92,6 +92,7 @@
/dev/bus/usb(.*)? u:object_r:usb_device:s0
/dev/console u:object_r:console_device:s0
/dev/cpu_variant:.* u:object_r:dev_cpu_variant:s0
+/dev/dma_heap/system u:object_r:dmabuf_system_heap_device:s0
/dev/device-mapper u:object_r:dm_device:s0
/dev/eac u:object_r:audio_device:s0
/dev/event-log-tags u:object_r:runtime_event_log_tags_file:s0
diff --git a/public/device.te b/public/device.te
index 43d6322..4282a25 100644
--- a/public/device.te
+++ b/public/device.te
@@ -44,6 +44,7 @@
type fuse_device, dev_type, mlstrustedobject;
type iio_device, dev_type;
type ion_device, dev_type, mlstrustedobject;
+type dmabuf_system_heap_device, dev_type, mlstrustedobject;
type qtaguid_device, dev_type;
type watchdog_device, dev_type;
type uhid_device, dev_type;