mediacodec: route all libbinder traffic to /dev/vndbinder

This CL provides additional sandboxing to ensure that the ban on using
/dev/binder to communicate between system and vendor is enforced (even
if SE policy might otherwise permit it.)  This is done only on
full-Treble devices.

b/36604251 OMX HAL (aka mediacodec) uses Binder and even exposes a
	   Binder service

Test: marlin

Change-Id: I344f5eb9d8719beec02207be65caca78336afff5
Signed-off-by: Iliyan Malchev <malchev@google.com>
diff --git a/services/mediacodec/main_codecservice.cpp b/services/mediacodec/main_codecservice.cpp
index 3a4546b..c4e4cff 100644
--- a/services/mediacodec/main_codecservice.cpp
+++ b/services/mediacodec/main_codecservice.cpp
@@ -46,6 +46,11 @@
 int main(int argc __unused, char** argv)
 {
     LOG(INFO) << "mediacodecservice starting";
+    bool treble = property_get_bool("persist.media.treble_omx", true);
+    if (treble) {
+      android::ProcessState::initWithDriver("/dev/vndbinder");
+    }
+
     signal(SIGPIPE, SIG_IGN);
     SetUpMinijail(kSystemSeccompPolicyPath, kVendorSeccompPolicyPath);
 
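Review bot: The switch to `/dev/vndbinder` at the top of `main` is gated on the runtime property `persist.media.treble_omx`, whereas the commit message describes an enforcement that holds on full-Treble devices even when SELinux policy is more permissive. A `persist.*` value can be changed by any domain allowed to set it (which domains those are is not visible here), so the isolation is only as strong as that property's access control. If a hard guarantee is intended, the decision should come from a build-time or read-only signal, or the dependency should be stated next to the check, e.g. `// vndbinder isolation relies on persist.media.treble_omx being settable only by trusted domains`. The result of `initWithDriver` is discarded and nothing records which driver was chosen, so adding `LOG(INFO) << "mediacodecservice using /dev/vndbinder";` inside the `if` would make the selection auditable from logs. `main` continues past the end of this hunk, so how a failed driver open is handled later cannot be judged from here.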
@@ -54,7 +59,7 @@
     ::android::hardware::configureRpcThreadpool(64, false);
     sp<ProcessState> proc(ProcessState::self());
 
-    if (property_get_bool("persist.media.treble_omx", true)) {
+    if (treble) {
         using namespace ::android::hardware::media::omx::V1_0;
         sp<IOmx> omx = new implementation::Omx();
         if (omx == nullptr) {