On Wed, Jul 17, 2024 at 11:38:33AM +0200, Anton Khirnov wrote: > Quoting Cosmin Stejerean via ffmpeg-devel (2024-07-16 22:14:19) > > > > > > > On Jul 16, 2024, at 8:24 PM, Rémi Denis-Courmont wrote: > > > > > > Le tiistaina 16. heinäkuuta 2024, 18.48.06 EEST Cosmin Stejerean via ffmpeg- > > > devel a écrit : > > >> To add another data point, the platform decoders might also be more secure > > >> due to sandboxing. I believe as of Android Q the software decoders provided > > >> by MediaCodec have been moved to run within a constrained sandbox. > > > > > > Platform decoders are in all likelihood strictly less secure than software > > > decoders. Software decoders will run in a user-space sandboxed within their > > > respective application. Platform decoders will run in a more privileged system > > > service, with direct access to a kernel driver in EL1, through that to the > > > firmware running on the video DSP. > > > > > > More performant and energy-efficient. But also way way less secure. > > > > > > The only viewpoint whence this is more secure, is the content publisher's: > > > this model enables DRM with hardware pass-through (but that does not even > > > apply if you use FFmpeg as the front end). > > > > > > > Platform provided *software* decoders should be more secure than bundled software decoders due to the sandboxing of software decoders in recent versions of Android. > > If that is such an important feature to someone then it is not > inconceivable to implement some sort of sandboxing inside avcodec. > > I'm not a big fan of the argument "we should provide passthrough to > proprietary decoders because they are more secure". +1 thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Dictatorship: All citizens are under surveillance, all their steps and actions recorded, for the politicians to enforce control. Democracy: All politicians are under surveillance, all their steps and actions recorded, for the citizens to enforce control.