Allow fd access between mediacodec and bufferhubd
bufferhubd should be able to use sync fence fd from mediacodec; and
mediacodec should be able to use a gralloc buffer fd from the bufferhubd.
Bug: 32213311
Test: Ran exoplayer_demo and verify mediacodec can plumb buffer through
bufferhub.
Change-Id: Id175827c56c33890ecce33865b0b1167d872fc56
diff --git a/public/bufferhubd.te b/public/bufferhubd.te
index 9543398..2314433 100644
--- a/public/bufferhubd.te
+++ b/public/bufferhubd.te
@@ -10,3 +10,9 @@
# Access /dev/ion
allow bufferhubd ion_device:chr_file r_file_perms;
+
+# Receive sync fence FDs from mediacodec. Note that mediacodec never directly
+# connects to bufferhubd via PDX. Instead, a VR app acts as a bridge between
+# those two: it talks to mediacodec via Binder and talks to bufferhubd via PDX.
+# Thus, there is no need to use use_pdx macro.
+allow bufferhubd mediacodec:fd use;
diff --git a/public/mediacodec.te b/public/mediacodec.te
index 99ebdb1..6ab90eb 100644
--- a/public/mediacodec.te
+++ b/public/mediacodec.te
@@ -26,6 +26,12 @@
hwallocator_use(mediacodec)
allow mediacodec system_file:dir { open read };
+# Recieve gralloc buffer FDs from bufferhubd. Note that mediacodec never
+# directly connects to bufferhubd via PDX. Instead, a VR app acts as a bridge
+# between those two: it talks to mediacodec via Binder and talks to bufferhubd
+# via PDX. Thus, there is no need to use use_pdx macro.
+allow mediacodec bufferhubd:fd use;
+
###
### neverallow rules
###