Merge "Disable Codec 2.0" into rvc-dev
diff --git a/host/commands/assemble_cvd/flags.cc b/host/commands/assemble_cvd/flags.cc
index 5064c81..827ac4f 100644
--- a/host/commands/assemble_cvd/flags.cc
+++ b/host/commands/assemble_cvd/flags.cc
@@ -860,7 +860,7 @@
 
   for (const auto& instance : config->Instances()) {
     if (!cvd::FileExists(instance.access_kregistry_path())) {
-      CreateBlankImage(instance.access_kregistry_path(), 1, "none", "64K");
+      CreateBlankImage(instance.access_kregistry_path(), 2, "none", "1M");
     }
   }
 
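Review bot: The `FileExists` guard above the changed call means an `access_kregistry` image created by an earlier build keeps its old geometry, so only fresh instances get the new `2, "none", "1M"` image. If the guest now depends on the larger image, the guard should also compare the existing file's size and recreate it on mismatch. The same three literals are repeated in the overlay-wipe hunk further down (`@@ -886,7 +886,7 @@`). Hoisting the call into one helper, for example `CreateAccessKregistryImage(instance)`, would keep the two sites from drifting apart. The enclosing function starts and ends outside this hunk.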
@@ -886,7 +886,7 @@
                      << "newer than its underlying composite disk. Wiping the overlay.";
       }
       CreateQcowOverlay(config->crosvm_binary(), config->composite_disk_path(), overlay_path);
-      CreateBlankImage(instance.access_kregistry_path(), 1, "none", "64K");
+      CreateBlankImage(instance.access_kregistry_path(), 2, "none", "1M");
     }
   }
 
diff --git a/shared/sepolicy/vendor/cameraserver.te b/shared/sepolicy/vendor/cameraserver.te
index 240026b..94146e1 100644
--- a/shared/sepolicy/vendor/cameraserver.te
+++ b/shared/sepolicy/vendor/cameraserver.te
@@ -1,2 +1,4 @@
 # Read GCE initial metadata file
 allow cameraserver initial_metadata_file:file r_file_perms;
+
+gpu_access(cameraserver)
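Review bot: The added `gpu_access(cameraserver)` line carries no comment saying why this domain needs the GPU device, unlike the rule above it. The same bare one-line grant is added for `ephemeral_app`, `hal_camera_default`, `mediacodec`, `mediaserver` and `mediaswcodec`. Several of these domains handle untrusted media or app content, so a later least-privilege audit needs the reason on record. A one-line rationale above each call would do, for example `# Graphics buffers are allocated/mapped through the virgl GPU device`, if that is indeed the reason. Where a domain needs only part of the macro, it would be better to say so or to grant the narrower rule directly.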
diff --git a/shared/sepolicy/vendor/ephemeral_app.te b/shared/sepolicy/vendor/ephemeral_app.te
new file mode 100644
index 0000000..92fcef6
--- /dev/null
+++ b/shared/sepolicy/vendor/ephemeral_app.te
@@ -0,0 +1 @@
+gpu_access(ephemeral_app)
diff --git a/shared/sepolicy/vendor/hal_camera_default.te b/shared/sepolicy/vendor/hal_camera_default.te
index 67c0ddc..2442d83 100644
--- a/shared/sepolicy/vendor/hal_camera_default.te
+++ b/shared/sepolicy/vendor/hal_camera_default.te
@@ -9,3 +9,5 @@
 # For camera hal to talk with sensor service
 binder_call(hal_camera_default, sensor_service_server)
 binder_call(sensor_service_server, hal_camera_default)
+
+gpu_access(hal_camera_default)
diff --git a/shared/sepolicy/vendor/mediacodec.te b/shared/sepolicy/vendor/mediacodec.te
index e26f128..dcb0a03 100644
--- a/shared/sepolicy/vendor/mediacodec.te
+++ b/shared/sepolicy/vendor/mediacodec.te
@@ -1 +1,3 @@
 allow mediacodec system_file:dir r_dir_perms;
+
+gpu_access(mediacodec)
diff --git a/shared/sepolicy/vendor/mediaserver.te b/shared/sepolicy/vendor/mediaserver.te
new file mode 100644
index 0000000..922af2c
--- /dev/null
+++ b/shared/sepolicy/vendor/mediaserver.te
@@ -0,0 +1 @@
+gpu_access(mediaserver)
diff --git a/shared/sepolicy/vendor/mediaswcodec.te b/shared/sepolicy/vendor/mediaswcodec.te
new file mode 100644
index 0000000..ff9c5b5
--- /dev/null
+++ b/shared/sepolicy/vendor/mediaswcodec.te
@@ -0,0 +1 @@
+gpu_access(mediaswcodec)
diff --git a/shared/sepolicy/vendor/te_macros b/shared/sepolicy/vendor/te_macros
index d49e378..c4f26eb 100644
--- a/shared/sepolicy/vendor/te_macros
+++ b/shared/sepolicy/vendor/te_macros
@@ -3,7 +3,7 @@
 # Allow client_domain to communicate with the virgl GPU
 define(`gpu_access', `
 allow $1 gpu_device:dir { open read search };
-allow $1 gpu_device:chr_file { getattr read write };
+allow $1 gpu_device:chr_file { getattr ioctl map open read write };
 allow $1 graphics_device:chr_file { getattr };
 allow $1 sysfs_gpu:file { getattr open read };
 ')
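Review bot: The widened `gpu_device:chr_file` rule grants bare `ioctl`. Unless an `allowxperm` rule for these source/target pairs exists elsewhere in the policy, every ioctl command on the GPU node is then open to every domain that calls `gpu_access`. In this commit that includes `ephemeral_app` and `mediaswcodec`, which run untrusted app code or parse untrusted media. Consider pairing the rule with an explicit allowlist, e.g. `allowxperm $1 gpu_device:chr_file ioctl { <placeholder: ioctl commands the virgl client actually issues> };`. The macro's header comment should also be extended to say that it now covers `open`, `map` and `ioctl`, so callers know how much they are granting.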