diff --git a/bsp/non_plat/hwservice.te b/bsp/non_plat/hwservice.te index d679316..1b011a7 100644 --- a/bsp/non_plat/hwservice.te +++ b/bsp/non_plat/hwservice.te @@ -6,6 +6,7 @@ type mtk_hal_netdagent_hwservice, hwservice_manager_type; type volte_rcs_ua_hwservice, hwservice_manager_type; type mtk_hal_dfps_hwservice, hwservice_manager_type; type mtk_hal_dplanner_hwservice, hwservice_manager_type; +type mtk_hal_keyinstall_hwservice, hwservice_manager_type; type mtk_hal_pplagent_hwservice, hwservice_manager_type; # omadm hidl type mtk_hal_omadm_hwservice, hwservice_manager_type; diff --git a/bsp/non_plat/hwservice_contexts b/bsp/non_plat/hwservice_contexts index 73e3119..f07aafe 100644 --- a/bsp/non_plat/hwservice_contexts +++ b/bsp/non_plat/hwservice_contexts @@ -36,6 +36,9 @@ vendor.mediatek.hardware.dplanner::IDPlanner u:object_r:mtk_hal_dplanner_hwservi # tablet DRM Key Manage HIDL vendor.mediatek.hardware.keymanage::IKeymanage u:object_r:mtk_hal_keymanage_hwservice:s0 +# DRM Key Installation HIDL +vendor.mediatek.hardware.keyinstall::IKeyinstall u:object_r:mtk_hal_keyinstall_hwservice:s0 + # Date: 2018/05/07 vendor.mediatek.hardware.pplagent::IPplAgent u:object_r:mtk_hal_pplagent_hwservice:s0 diff --git a/bsp/non_plat/mtk_hal_keyinstall.te b/bsp/non_plat/mtk_hal_keyinstall.te index c7b192e..789b2fd 100644 --- a/bsp/non_plat/mtk_hal_keyinstall.te +++ b/bsp/non_plat/mtk_hal_keyinstall.te @@ -7,6 +7,12 @@ type mtk_hal_keyinstall_exec, exec_type, file_type, vendor_file_type; # Setup for domain transition init_daemon_domain(mtk_hal_keyinstall) +# Associate mtk_hal_keyinstall_hwservice with all server domain +add_hwservice(hal_keymaster_server, mtk_hal_keyinstall_hwservice) + +# Give permission for hal_keymaster_client to find mtk_hal_keyinstall_hwservice via hwservice_manager +allow hal_keymaster_client mtk_hal_keyinstall_hwservice:hwservice_manager find; + # Allow mtk_hal_keyinstall to communicate with mobicore allow mtk_hal_keyinstall mobicore:unix_stream_socket connectto; allow mtk_hal_keyinstall mobicore_data_file:dir search;