From 6d20aad659b0147492cf759e605b54b1e4c85dac Mon Sep 17 00:00:00 2001
From: mtk12101
Date: Sat, 18 Jan 2020 10:18:46 +0800
Subject: [PATCH] [ALPS04737987] Move clearkey and widevine sepolicy to basic repo

Basic project which need clearkey and widevine will fail to launch clearkey and widevine process, so we need move clearkey and widevine related sepolicy to basic repo
MTK-Commit-Id: 889fb14b0d049c0fb53e1f2a45b43a1ba6700f9f
Change-Id: I7b9154b9dcee05be01a2d5f1c7a5f8d365ce4da6
CR-Id: ALPS04737987
Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
---
 non_plat/file_contexts | 8 ++++++++
 non_plat/hal_drm_clearkey.te | 11 +++++++++++
 non_plat/hal_drm_widevine.te | 16 ++++++++++++++++
 3 files changed, 35 insertions(+)
 create mode 100644 non_plat/hal_drm_clearkey.te
 create mode 100644 non_plat/hal_drm_widevine.te
diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index c963e84..a9e3c1e 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@@ -646,3 +646,11 @@
 # Date: 2019/07/16
 # hdmi hal
 /(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.hdmi@1\.0-service u:object_r:mtk_hal_hdmi_exec:s0
+
+#Widevine drm hal(include lazy hal)
+/vendor/bin/hw/android\.hardware\.drm@1\.2-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@1\.2-service-lazy\.widevine u:object_r:hal_drm_widevine_exec:s0
+#Cleaarkey hal(include lazy hal)
+/vendor/bin/hw/android\.hardware\.drm@1\.2-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@1\.2-service-lazy\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+
diff --git a/non_plat/hal_drm_clearkey.te b/non_plat/hal_drm_clearkey.te
new file mode 100644
index 0000000..976b9fa
--- /dev/null
+++ b/non_plat/hal_drm_clearkey.te
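Review bot: The four entries added to non_plat/file_contexts match only `android\.hardware\.drm@1\.2-service…` under a literal `/vendor/` prefix, so a DRM HAL binary shipped at any other minor version would keep the default vendor label and init would have no transition into `hal_drm_widevine` / `hal_drm_clearkey` for it — the same launch failure this commit sets out to fix. The header comment added in hal_drm_clearkey.te already names `@1.1-service.clearkey`, which these patterns do not label. Consider a version-tolerant form such as `/(system\/vendor|vendor)/bin/hw/android\.hardware\.drm@1\.[0-9]+-service(-lazy)?\.widevine u:object_r:hal_drm_widevine_exec:s0` (and the clearkey equivalent), which also follows the `(system\/vendor|vendor)` prefix used by the hdmi entry directly above. The comment `#Cleaarkey hal(include lazy hal)` has a typo and should read `# Clearkey hal (including lazy hal)`.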
@@ -0,0 +1,11 @@
+# policy for /vendor/bin/hw/android.hardware.drm@1.1-service.clearkey
+type hal_drm_clearkey, domain;
+type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_drm_clearkey)
+
+hal_server_domain(hal_drm_clearkey, hal_drm)
+
+vndbinder_use(hal_drm_clearkey);
+
+allow hal_drm_clearkey { appdomain -isolated_app }:fd use;
diff --git a/non_plat/hal_drm_widevine.te b/non_plat/hal_drm_widevine.te
new file mode 100644
index 0000000..c3705ba
--- /dev/null
+++ b/non_plat/hal_drm_widevine.te
@@ -0,0 +1,16 @@
+# define SELinux domain
+type hal_drm_widevine, domain;
+hal_server_domain(hal_drm_widevine, hal_drm)
+
+type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_drm_widevine)
+
+allow hal_drm_widevine mediacodec:fd use;
+allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+
+vndbinder_use(hal_drm_widevine);
+hal_client_domain(hal_drm_widevine, hal_graphics_composer);
+allow hal_drm_widevine hal_allocator_server:fd use;
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
+
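Review bot: `type hal_drm_clearkey, domain;` and `type hal_drm_clearkey_exec, …` in non_plat/hal_drm_clearkey.te are new declarations, yet the subject describes a move and no removal from the previous location is visible in this patch; the same holds for `hal_drm_widevine` in hal_drm_widevine.te. If the old copy is still compiled for non-basic projects, the policy build will presumably stop on a duplicate type declaration, and if the removal is a separate change the two need to land together so that no build ships the DRM HALs without a domain. A line in the commit message naming the counterpart change, for example `Depends-on: <change id of the removal — placeholder>`, would let a reviewer confirm that.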
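Review bot: The grants in non_plat/hal_drm_widevine.te carry no rationale: the only comment is `# define SELinux domain`, while the domain receives `create_dir_perms` / `create_file_perms` on `mediadrm_vendor_data_file`, client access to `hal_graphics_composer`, and fd use from every app domain except `isolated_app`. Each of these widens what a compromised DRM HAL process could reach, so each should carry a one-line reason that an auditor can check against the service, for example `# persistent Widevine state is kept under the mediadrm vendor data dir (confirm path)` above the two `mediadrm_vendor_data_file` rules and a similar line saying why the composer client attribute is needed. As a style point, `vndbinder_use(hal_drm_widevine);` and `hal_client_domain(…);` end in `;` while `hal_server_domain(…)` and `init_daemon_domain(…)` in the same file do not; dropping the trailing `;` keeps the macro calls uniform.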