Grant GPU access to mediaswcodec ... which will be needed for Cuttlefish with Minigbm Gralloc 4. Bug: b/146515640 Test: launch_cvd Test: launch_cvd --gpu_mode=drm_virgl Change-Id: Iaacebd15149eb3f07c6a6b4c258a54cf658d4217

commit: b35e1b51a8c29a9be439b092ad50542736345946 [log] [tgz]
author: Jason Macnak <natsu@google.com> Tue Mar 24 18:40:14 2020 -0700
committer: Jason Macnak <natsu@google.com> Tue May 12 11:20:03 2020 -0700
tree: e76a5c31bba048c7546891612d74f80a8cca8c58
parent: 72780f23c661d787624aaa7cf33eb2a29eb1e658 [diff]
diff --git a/shared/sepolicy/vendor/mediaswcodec.te b/shared/sepolicy/vendor/mediaswcodec.te
new file mode 100644
index 0000000..ff9c5b5
--- /dev/null
+++ b/shared/sepolicy/vendor/mediaswcodec.te

@@ -0,0 +1 @@
+gpu_access(mediaswcodec)

diff --git a/shared/sepolicy/vendor/te_macros b/shared/sepolicy/vendor/te_macros
index d49e378..c4f26eb 100644
--- a/shared/sepolicy/vendor/te_macros
+++ b/shared/sepolicy/vendor/te_macros

@@ -3,7 +3,7 @@
 # Allow client_domain to communicate with the virgl GPU
 define(`gpu_access', `
 allow $1 gpu_device:dir { open read search };
-allow $1 gpu_device:chr_file { getattr read write };
+allow $1 gpu_device:chr_file { getattr ioctl map open read write };
 allow $1 graphics_device:chr_file { getattr };
 allow $1 sysfs_gpu:file { getattr open read };
 ')
commit	b35e1b51a8c29a9be439b092ad50542736345946	[log] [tgz]
author	Jason Macnak <natsu@google.com>	Tue Mar 24 18:40:14 2020 -0700
committer	Jason Macnak <natsu@google.com>	Tue May 12 11:20:03 2020 -0700
tree	e76a5c31bba048c7546891612d74f80a8cca8c58
parent	72780f23c661d787624aaa7cf33eb2a29eb1e658 [diff]