NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[ALPS04737987] Move clearkey and widevine sepolicy to basic repo

Browse Source 
Basic project which need clearkey and widevine will fail to
launch clearkey and widevine process, so we need move clearkey
and widevine related sepolicy to basic repo

MTK-Commit-Id: 889fb14b0d049c0fb53e1f2a45b43a1ba6700f9f

Change-Id: I7b9154b9dcee05be01a2d5f1c7a5f8d365ce4da6
CR-Id: ALPS04737987
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
This commit is contained in:
mtk12101 2020-01-18 10:18:46 +08:00 committed by Shan Zhang
parent c2e8765592
commit 6d20aad659
3 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
non_plat/file_contexts
View File

@ -646,3 +646,11 @@
# Date: 2019/07/16
# hdmi hal
/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.hdmi@1\.0-service u:object_r:mtk_hal_hdmi_exec:s0
#Widevine drm hal(include lazy hal)
/vendor/bin/hw/android\.hardware\.drm@1\.2-service\.widevine u:object_r:hal_drm_widevine_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.2-service-lazy\.widevine u:object_r:hal_drm_widevine_exec:s0
#Cleaarkey hal(include lazy hal)
/vendor/bin/hw/android\.hardware\.drm@1\.2-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.2-service-lazy\.clearkey u:object_r:hal_drm_clearkey_exec:s0

11
non_plat/hal_drm_clearkey.te Normal file
View File

@ -0,0 +1,11 @@
# policy for /vendor/bin/hw/android.hardware.drm@1.1-service.clearkey
type hal_drm_clearkey, domain;
type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_drm_clearkey)
hal_server_domain(hal_drm_clearkey, hal_drm)
vndbinder_use(hal_drm_clearkey);
allow hal_drm_clearkey { appdomain -isolated_app }:fd use;

16
non_plat/hal_drm_widevine.te Normal file
View File

@ -0,0 +1,16 @@
# define SELinux domain
type hal_drm_widevine, domain;
hal_server_domain(hal_drm_widevine, hal_drm)
type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_drm_widevine)
allow hal_drm_widevine mediacodec:fd use;
allow hal_drm_widevine { appdomain -isolated_app }:fd use;
vndbinder_use(hal_drm_widevine);
hal_client_domain(hal_drm_widevine, hal_graphics_composer);
allow hal_drm_widevine hal_allocator_server:fd use;
allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;