Move mediaextractor seccomp policy into apex
Bug: 112767732
Test: build, run
Change-Id: I3d63b6346c1305ba662077eb81b714cbe24ccfb9
diff --git a/apex/Android.bp b/apex/Android.bp
index 2cc6fcb..15ff770 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -33,6 +33,9 @@
],
},
},
+ prebuilts: [
+ "mediaextractor.policy",
+ ],
key: "com.android.media.key",
certificate: ":com.android.media.certificate",
diff --git a/services/mediaextractor/Android.bp b/services/mediaextractor/Android.bp
new file mode 100644
index 0000000..b812244
--- /dev/null
+++ b/services/mediaextractor/Android.bp
@@ -0,0 +1,71 @@
+// service library
+cc_library_shared {
+ name: "libmediaextractorservice",
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+ srcs: ["MediaExtractorService.cpp"],
+
+ shared_libs: [
+ "libmedia",
+ "libstagefright",
+ "libbinder",
+ "libutils",
+ ],
+}
+
+// service executable
+cc_binary {
+ name: "mediaextractor",
+
+ srcs: ["main_extractorservice.cpp"],
+ shared_libs: [
+ "libmedia",
+ "libmediaextractorservice",
+ "libbinder",
+ "libutils",
+ "liblog",
+ "libavservices_minijail",
+ ],
+ target: {
+ android: {
+ product_variables: {
+ malloc_not_svelte: {
+ // Scudo increases memory footprint, so only enable on
+ // non-svelte devices.
+ shared_libs: ["libc_scudo"],
+ },
+ },
+ },
+ },
+ init_rc: ["mediaextractor.rc"],
+
+ include_dirs: ["frameworks/av/media/libmedia"],
+
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+}
+
+prebuilt_etc {
+ name: "mediaextractor.policy",
+ sub_dir: "seccomp_policy",
+ arch: {
+ arm: {
+ src: "seccomp_policy/mediaextractor-arm.policy",
+ },
+ arm64: {
+ src: "seccomp_policy/mediaextractor-arm64.policy",
+ },
+ x86: {
+ src: "seccomp_policy/mediaextractor-x86.policy",
+ },
+ x86_64: {
+ src: "seccomp_policy/mediaextractor-x86_64.policy",
+ },
+ },
+ required: ["crash_dump.policy"],
+}
+
diff --git a/services/mediaextractor/Android.mk b/services/mediaextractor/Android.mk
deleted file mode 100644
index e8a59df..0000000
--- a/services/mediaextractor/Android.mk
+++ /dev/null
@@ -1,43 +0,0 @@
-LOCAL_PATH := $(call my-dir)
-
-# service library
-include $(CLEAR_VARS)
-LOCAL_CFLAGS := -Wall -Werror
-LOCAL_SRC_FILES := \
- MediaExtractorService.cpp
-
-LOCAL_SHARED_LIBRARIES := libmedia libstagefright libbinder libutils
-LOCAL_MODULE:= libmediaextractorservice
-include $(BUILD_SHARED_LIBRARY)
-
-
-# service executable
-include $(CLEAR_VARS)
-# seccomp filters are defined for the following architectures:
-LOCAL_REQUIRED_MODULES_arm := crash_dump.policy mediaextractor.policy
-LOCAL_REQUIRED_MODULES_arm64 := crash_dump.policy mediaextractor.policy
-LOCAL_REQUIRED_MODULES_x86 := crash_dump.policy mediaextractor.policy
-LOCAL_REQUIRED_MODULES_x86_64 := crash_dump.policy mediaextractor.policy
-
-LOCAL_SRC_FILES := main_extractorservice.cpp
-ifneq (true, $(filter true, $(MALLOC_SVELTE)))
-# Scudo increases memory footprint, so only use on non-svelte configs.
-LOCAL_SHARED_LIBRARIES := libc_scudo
-endif
-LOCAL_SHARED_LIBRARIES += libmedia libmediaextractorservice libbinder libutils \
- liblog libavservices_minijail
-LOCAL_MODULE:= mediaextractor
-LOCAL_INIT_RC := mediaextractor.rc
-LOCAL_C_INCLUDES := frameworks/av/media/libmedia
-LOCAL_CFLAGS := -Wall -Werror
-include $(BUILD_EXECUTABLE)
-
-# service seccomp filter
-ifeq ($(TARGET_ARCH), $(filter $(TARGET_ARCH), arm arm64 x86 x86_64))
-include $(CLEAR_VARS)
-LOCAL_MODULE := mediaextractor.policy
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/seccomp_policy
-LOCAL_SRC_FILES := seccomp_policy/mediaextractor-$(TARGET_ARCH).policy
-include $(BUILD_PREBUILT)
-endif
diff --git a/services/mediaextractor/main_extractorservice.cpp b/services/mediaextractor/main_extractorservice.cpp
index 4a85140..3c4125b 100644
--- a/services/mediaextractor/main_extractorservice.cpp
+++ b/services/mediaextractor/main_extractorservice.cpp
@@ -36,7 +36,7 @@
using namespace android;
static const char kSystemSeccompPolicyPath[] =
- "/system/etc/seccomp_policy/mediaextractor.policy";
+ "/apex/com.android.media/etc/seccomp_policy/mediaextractor.policy";
static const char kVendorSeccompPolicyPath[] =
"/vendor/etc/seccomp_policy/mediaextractor.policy";