1 # bufferhubd 2 type bufferhubd, domain, mlstrustedsubject; 3 type bufferhubd_exec, exec_type, file_type; 4 5 hal_client_domain(bufferhubd, hal_graphics_allocator) 6 7 pdx_server(bufferhubd, bufferhub_client) 8 pdx_client(bufferhubd, performance_client) 9 10 # Access the GPU. 11 allow bufferhubd gpu_device:chr_file rw_file_perms; 12 13 # Access /dev/ion 14 allow bufferhubd ion_device:chr_file r_file_perms; 15 16 # Receive sync fence FDs from mediacodec. Note that mediacodec never directly 17 # connects to bufferhubd via PDX. Instead, a VR app acts as a bridge between 18 # those two: it talks to mediacodec via Binder and talks to bufferhubd via PDX. 19 # Thus, there is no need to use pdx_client macro. 20 allow bufferhubd mediacodec:fd use; 21
