22380a4614
/dev/tee* are accessed by domains that interact with TEE and thus require access to them too. Test: Boot and observe that denials are not visible in logs anymore Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: I7b0944a1063da8561d2928e4110674ce4845ecea
18 lines
665 B
Plaintext
18 lines
665 B
Plaintext
# define SELinux domain
|
|
type hal_drm_widevine, domain;
|
|
hal_server_domain(hal_drm_widevine, hal_drm)
|
|
|
|
type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
|
|
init_daemon_domain(hal_drm_widevine)
|
|
|
|
allow hal_drm_widevine mediacodec:fd use;
|
|
allow hal_drm_widevine { appdomain -isolated_app }:fd use;
|
|
|
|
vndbinder_use(hal_drm_widevine);
|
|
hal_client_domain(hal_drm_widevine, hal_graphics_composer);
|
|
allow hal_drm_widevine hal_allocator_server:fd use;
|
|
allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
|
|
allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
|
|
|
|
allow hal_drm_widevine teei_client_device:chr_file rw_file_perms;
|