From 0df2e47cb15c47a4a65fe42b5e6a2f93bcb6461d Mon Sep 17 00:00:00 2001
From: wenchangliu <wenchangliu@google.com>
Date: Tue, 23 Nov 2021 22:53:19 +0800
Subject: [PATCH] Allow mediacodec_samsung can route /dev/binder traffic to
 /dev/vndbinder

This patch fixes the following denial:

avc: denied { call } for scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:r:vndservicemanager:s0 tclass=binder permissive=1

avc: denied { transfer } for scontext=u:r:mediacodec_samsung:s0 \
tcontext=u:r:vndservicemanager:s0 tclass=binder permissive=1

Bug: 205904381
Test: boot to home
Change-Id: Ie2c0577bdf987466b4f729d9f78d1a6704cd9d24
---
 tracking_denials/mediacodec_samsung.te | 3 ---
 whitechapel_pro/mediacodec_samsung.te  | 3 +++
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tracking_denials/mediacodec_samsung.te b/tracking_denials/mediacodec_samsung.te
index 234242dd..09e2f0ed 100644
--- a/tracking_denials/mediacodec_samsung.te
+++ b/tracking_denials/mediacodec_samsung.te
@@ -8,6 +8,3 @@ dontaudit mediacodec_samsung vndbinder_device:chr_file { map };
 dontaudit mediacodec_samsung vndbinder_device:chr_file { open };
 dontaudit mediacodec_samsung vndbinder_device:chr_file { read };
 dontaudit mediacodec_samsung vndbinder_device:chr_file { write };
-# b/205904381
-dontaudit mediacodec_samsung vndservicemanager:binder { call };
-dontaudit mediacodec_samsung vndservicemanager:binder { transfer };
diff --git a/whitechapel_pro/mediacodec_samsung.te b/whitechapel_pro/mediacodec_samsung.te
index e34942a9..5ffa9203 100644
--- a/whitechapel_pro/mediacodec_samsung.te
+++ b/whitechapel_pro/mediacodec_samsung.te
@@ -4,3 +4,6 @@ init_daemon_domain(mediacodec_samsung)
 
 hal_server_domain(mediacodec_samsung, hal_codec2)
 add_service(mediacodec_samsung, eco_service)
+
+# can route /dev/binder traffic to /dev/vndbinder
+vndbinder_use(mediacodec_samsung)