-
Nick Kralevich authored
When playing protected content on manta, surfaceflinger would crash. STEPS TO REPRODUCE: 1. Launch Play Movies & TV 2. Play any movie and observe OBSERVED RESULTS: Device reboot while playing movies EXPECTED RESULTS: No device reboot Even though this only reproduces on manta, this seems appropriate for a general policy. Addresses the following denials: <5>[ 36.066819] type=1400 audit(1389141624.471:9): avc: denied { write } for pid=1855 comm="TimedEventQueue" name="tlcd_sock" dev="mmcblk0p9" ino=627097 scontext=u:r:mediaserver:s0 tcontext=u:object_r:drmserver_socket:s0 tclass=sock_file <5>[ 36.066985] type=1400 audit(1389141624.471:10): avc: denied { connectto } for pid=1855 comm="TimedEventQueue" path="/data/app/tlcd_sock" scontext=u:r:mediaserver:s0 tcontext=u:r:drmserver:s0 tclass=unix_stream_socket <5>[ 41.379708] type=1400 audit(1389141629.786:15): avc: denied { connectto } for pid=120 comm="surfaceflinger" path=006D636461656D6F6E scontext=u:r:surfaceflinger:s0 tcontext=u:r:tee:s0 tclass=unix_stream_socket <5>[ 41.380051] type=1400 audit(1389141629.786:16): avc: denied { read write } for pid=120 comm="surfaceflinger" name="mobicore-user" dev="tmpfs" ino=4117 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file <5>[ 41.380209] type=1400 audit(1389141629.786:17): avc: denied { open } for pid=120 comm="surfaceflinger" name="mobicore-user" dev="tmpfs" ino=4117 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file <5>[ 41.380779] type=1400 audit(1389141629.786:18): avc: denied { ioctl } for pid=120 comm="surfaceflinger" path="/dev/mobicore-user" dev="tmpfs" ino=4117 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:tee_device:s0 tclass=chr_file Change-Id: I20286ec2a6cf0d190a84ad74e88e94468bab9fdb Bug: 12434847e45603d3
surfaceflinger.te 1.67 KiB