测试平台
Platform: RK3399/RK3399pro
OS: Android9.0
现象
rk的Bootanimation自带了开机动画播放视频的功能,具体的使用方法如下:
BOOT_VIDEO_ENABLE ?= true
之前主要编译userdebug版本和eng版本的固件,都可以正常播放,目前有客户提出user版本下无法播放.
分析解决
user模式下无法使用,主要是selinux的权限问题,解决补丁如下
---
device/rockchip/common/sepolicy/vendor/bootanim.te | 3 +++
system/sepolicy/prebuilts/api/26.0/public/bootanim.te | 1 +
system/sepolicy/prebuilts/api/26.0/public/mediaserver.te | 1 +
system/sepolicy/prebuilts/api/27.0/public/bootanim.te | 1 +
system/sepolicy/prebuilts/api/27.0/public/mediaserver.te | 1 +
system/sepolicy/prebuilts/api/28.0/public/bootanim.te | 1 +
system/sepolicy/prebuilts/api/28.0/public/mediaserver.te | 1 +
system/sepolicy/public/bootanim.te | 1 +
system/sepolicy/public/mediaserver.te | 1 +
9 files changed, 11 insertions(+)
diff --git a/device/rockchip/common/sepolicy/vendor/bootanim.te b/device/rockchip/common/sepolicy/vendor/bootanim.te
index 0c080c2..2a401ca 100644
--- a/device/rockchip/common/sepolicy/vendor/bootanim.te
+++ b/device/rockchip/common/sepolicy/vendor/bootanim.te
@@ -15,3 +15,6 @@ get_prop(bootanim, vendor_default_prop)
allow bootanim init:unix_stream_socket connectto;
allow bootanim property_socket:sock_file write;
allow bootanim vendor_file:file { getattr open read };
+
+allow bootanim mediaserver_service:service_manager find;
+
diff --git a/system/sepolicy/prebuilts/api/26.0/public/bootanim.te b/system/sepolicy/prebuilts/api/26.0/public/bootanim.te
index e2584c3..2e58427 100644
--- a/system/sepolicy/prebuilts/api/26.0/public/bootanim.te
+++ b/system/sepolicy/prebuilts/api/26.0/public/bootanim.te
@@ -8,6 +8,7 @@ hal_client_domain(bootanim, hal_graphics_composer)
binder_use(bootanim)
binder_call(bootanim, surfaceflinger)
binder_call(bootanim, audioserver)
+binder_call(bootanim, mediaserver)
hwbinder_use(bootanim)
diff --git a/system/sepolicy/prebuilts/api/26.0/public/mediaserver.te b/system/sepolicy/prebuilts/api/26.0/public/mediaserver.te
index 6efaf0f..18813e2 100644
--- a/system/sepolicy/prebuilts/api/26.0/public/mediaserver.te
+++ b/system/sepolicy/prebuilts/api/26.0/public/mediaserver.te
@@ -26,6 +26,7 @@ userdebug_or_eng(`
binder_use(mediaserver)
binder_call(mediaserver, binderservicedomain)
binder_call(mediaserver, appdomain)
+binder_call(mediaserver, bootanim)
binder_service(mediaserver)
allow mediaserver media_data_file:dir create_dir_perms;
diff --git a/system/sepolicy/prebuilts/api/27.0/public/bootanim.te b/system/sepolicy/prebuilts/api/27.0/public/bootanim.te
index 1a265f9..7a57e3c 100644
--- a/system/sepolicy/prebuilts/api/27.0/public/bootanim.te
+++ b/system/sepolicy/prebuilts/api/27.0/public/bootanim.te
@@ -9,6 +9,7 @@ hal_client_domain(bootanim, hal_graphics_composer)
binder_use(bootanim)
binder_call(bootanim, surfaceflinger)
binder_call(bootanim, audioserver)
+binder_call(bootanim, mediaserver)
hwbinder_use(bootanim)
diff --git a/system/sepolicy/prebuilts/api/27.0/public/mediaserver.te b/system/sepolicy/prebuilts/api/27.0/public/mediaserver.te
index 6efaf0f..18813e2 100644
--- a/system/sepolicy/prebuilts/api/27.0/public/mediaserver.te
+++ b/system/sepolicy/prebuilts/api/27.0/public/mediaserver.te
@@ -26,6 +26,7 @@ userdebug_or_eng(`
binder_use(mediaserver)
binder_call(mediaserver, binderservicedomain)
binder_call(mediaserver, appdomain)
+binder_call(mediaserver, bootanim)
binder_service(mediaserver)
allow mediaserver media_data_file:dir create_dir_perms;
diff --git a/system/sepolicy/prebuilts/api/28.0/public/bootanim.te b/system/sepolicy/prebuilts/api/28.0/public/bootanim.te
index 3260227..2e382f4 100644
--- a/system/sepolicy/prebuilts/api/28.0/public/bootanim.te
+++ b/system/sepolicy/prebuilts/api/28.0/public/bootanim.te
@@ -9,6 +9,7 @@ hal_client_domain(bootanim, hal_graphics_composer)
binder_use(bootanim)
binder_call(bootanim, surfaceflinger)
binder_call(bootanim, audioserver)
+binder_call(bootanim, mediaserver)
hwbinder_use(bootanim)
diff --git a/system/sepolicy/prebuilts/api/28.0/public/mediaserver.te b/system/sepolicy/prebuilts/api/28.0/public/mediaserver.te
index f0c94ed..60b8467 100644
--- a/system/sepolicy/prebuilts/api/28.0/public/mediaserver.te
+++ b/system/sepolicy/prebuilts/api/28.0/public/mediaserver.te
@@ -26,6 +26,7 @@ userdebug_or_eng(`
binder_use(mediaserver)
binder_call(mediaserver, binderservicedomain)
binder_call(mediaserver, appdomain)
+binder_call(mediaserver, bootanim)
binder_service(mediaserver)
allow mediaserver media_data_file:dir create_dir_perms;
diff --git a/system/sepolicy/public/bootanim.te b/system/sepolicy/public/bootanim.te
index 3260227..2e382f4 100644
--- a/system/sepolicy/public/bootanim.te
+++ b/system/sepolicy/public/bootanim.te
@@ -9,6 +9,7 @@ hal_client_domain(bootanim, hal_graphics_composer)
binder_use(bootanim)
binder_call(bootanim, surfaceflinger)
binder_call(bootanim, audioserver)
+binder_call(bootanim, mediaserver)
hwbinder_use(bootanim)
diff --git a/system/sepolicy/public/mediaserver.te b/system/sepolicy/public/mediaserver.te
index f0c94ed..60b8467 100644
--- a/system/sepolicy/public/mediaserver.te
+++ b/system/sepolicy/public/mediaserver.te
@@ -26,6 +26,7 @@ userdebug_or_eng(`
binder_use(mediaserver)
binder_call(mediaserver, binderservicedomain)
binder_call(mediaserver, appdomain)
+binder_call(mediaserver, bootanim)
binder_service(mediaserver)
allow mediaserver media_data_file:dir create_dir_perms;
--
2.7.4