583196d1e8
Widevine provides a script in /vendor/widevine/ libwvdrmengine/move_widevine_data.sh that copies the data files from /data to /data/vendor. Some sepolicy rules are required to enable the device to run this script. MTK-Commit-Id: f7aba378699fc68e4e10ed2ed2b812c1e502e66f Change-Id: I2731ad21da180a1a5f927c5631dcc579da1dc314 CR-Id: ALPS03982747 Feature: [Android Default] SELinux, SEAndroid, and SE-MTK
20 lines
863 B
Plaintext
20 lines
863 B
Plaintext
type move-widevine-data-sh, domain, coredomain;
|
|
type move-widevine-data-sh_exec, exec_type, file_type;
|
|
init_daemon_domain(move-widevine-data-sh);
|
|
|
|
typeattribute move-widevine-data-sh data_between_core_and_vendor_violators;
|
|
|
|
allow move-widevine-data-sh shell_exec:file rx_file_perms;
|
|
allow move-widevine-data-sh toolbox_exec:file rx_file_perms;
|
|
|
|
allow move-widevine-data-sh file_contexts_file:file { read getattr open };
|
|
|
|
allow move-widevine-data-sh media_data_file:file { getattr setattr relabelfrom };
|
|
allow move-widevine-data-sh media_data_file:dir { reparent rename rmdir setattr rw_dir_perms relabelfrom };
|
|
|
|
allow move-widevine-data-sh mediadrm_vendor_data_file:dir { create_dir_perms relabelto };
|
|
|
|
# for writing files_moved so we only execute the move once
|
|
allow move-widevine-data-sh mediadrm_vendor_data_file:file { create open write getattr relabelto };
|
|
|