Quoting Cosmin Stejerean via ffmpeg-devel (2024-07-16 22:14:19) > > > > On Jul 16, 2024, at 8:24 PM, Rémi Denis-Courmont <r...@remlab.net> wrote: > > > > Le tiistaina 16. heinäkuuta 2024, 18.48.06 EEST Cosmin Stejerean via ffmpeg- > > devel a écrit : > >> To add another data point, the platform decoders might also be more secure > >> due to sandboxing. I believe as of Android Q the software decoders provided > >> by MediaCodec have been moved to run within a constrained sandbox. > > > > Platform decoders are in all likelihood strictly less secure than software > > decoders. Software decoders will run in a user-space sandboxed within their > > respective application. Platform decoders will run in a more privileged > > system > > service, with direct access to a kernel driver in EL1, through that to the > > firmware running on the video DSP. > > > > More performant and energy-efficient. But also way way less secure. > > > > The only viewpoint whence this is more secure, is the content publisher's: > > this model enables DRM with hardware pass-through (but that does not even > > apply if you use FFmpeg as the front end). > > > > Platform provided *software* decoders should be more secure than bundled > software decoders due to the sandboxing of software decoders in recent > versions of Android.
If that is such an important feature to someone then it is not inconceivable to implement some sort of sandboxing inside avcodec. I'm not a big fan of the argument "we should provide passthrough to proprietary decoders because they are more secure". -- Anton Khirnov _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
