On 11/04/2015 11:35 AM, Stephen Smalley wrote: >On 11/03/2015 11:00 AM, Mahaveer, Vishal wrote: >> Hi, >> >> Wanted to know what is the status of rpmsg_device in latest seandroid >policies. >> Is it up to date with latest seandroid developments? >> >> Currently only mediaserver has access to it. >> Reason for this query is because there are no Nexus devices that use >rpmsg device. >> >> We have platforms that still use rpmsg device and Currently we see >> selinux denials for rpmsg_device from system_server, platform_apps and >untrusted_apps. > >You need to investigate why you have other processes trying to directly >access rpmsg, as this is potentially a security risk (e.g. do you really >want arbitrary third party apps to be able to directly access the driver >and potentially send arbitrary data to the remote processor?).
In our case rpmsg_device is accessed by libstagefrighthw. We use rpmsg_device as hardware decoder Should I define it as video_device instead? That would take care of system_server denials. I am yet to figure out why systemui (platform_app) is using hardware decoder. > >I think when rpmsg_device was introduced, it was only being used for camera >and thus only mediaserver required it. I'm not overly concerned with >opening it up to system_server, but apps are another thing... _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
