From 84aaa5491e31f4a5f89465ecb92ed4fce18fc7a0 Mon Sep 17 00:00:00 2001
From: Snehal
Date: Tue, 13 Aug 2024 14:06:37 +0000
Subject: [PATCH] Init widevine sepolicy

Bug: 354191444
Flag: EXEMPT bugfix
Change-Id: I331c31be2f1478b161a9af1d0c49506b717c30d2
---
widevine/sepolicy/file.te | 3 +++
widevine/sepolicy/file_contexts | 5 +++++
widevine/sepolicy/hal_drm_clearkey.te | 5 +++++
widevine/sepolicy/hal_drm_widevine.te | 5 +++++
widevine/sepolicy/service_contexts | 1 +
widevine/widevine_v2.mk | 2 ++
6 files changed, 21 insertions(+)
create mode 100644 widevine/sepolicy/file.te
create mode 100644 widevine/sepolicy/file_contexts
create mode 100644 widevine/sepolicy/hal_drm_clearkey.te
create mode 100644 widevine/sepolicy/hal_drm_widevine.te
create mode 100644 widevine/sepolicy/service_contexts
create mode 100644 widevine/widevine_v2.mk
diff --git a/widevine/sepolicy/file.te b/widevine/sepolicy/file.te
new file mode 100644
index 0000000..a1e4e0e
--- /dev/null
+++ b/widevine/sepolicy/file.te
@@ -0,0 +1,3 @@
+# Widevine DRM
+type mediadrm_vendor_data_file, file_type, data_file_type;
+
diff --git a/widevine/sepolicy/file_contexts b/widevine/sepolicy/file_contexts
new file mode 100644
index 0000000..92aed3c
--- /dev/null
+++ b/widevine/sepolicy/file_contexts
@@ -0,0 +1,5 @@
+/vendor/bin/hw/android\.hardware\.drm-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+
+# Data
+/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
diff --git a/widevine/sepolicy/hal_drm_clearkey.te b/widevine/sepolicy/hal_drm_clearkey.te
new file mode 100644
index 0000000..81ecfb9
--- /dev/null
+++ b/widevine/sepolicy/hal_drm_clearkey.te
@@ -0,0 +1,5 @@
+type hal_drm_clearkey, domain;
+type hal_drm_clearkey_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_drm_clearkey)
+
+#TODO: snehalreddy@ add sepolicy
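Review bot: `hal_drm_clearkey` is declared with only `init_daemon_domain(hal_drm_clearkey)` and a TODO, so as written the domain has no HAL-server, binder or data-file rules; the same applies to `hal_drm_widevine` in hal_drm_widevine.te. Without `hal_server_domain(hal_drm_clearkey, hal_drm)` (and the widevine equivalent), the `hal_drm_service` label added in service_contexts is presumably not usable by these domains, and nothing in this commit is allowed to access `mediadrm_vendor_data_file`. Until the rules land, the safe interim state is a denied service rather than a permissive domain, so the TODO should carry the tracking bug and name what is missing, e.g. `# TODO(b/354191444): add hal_server_domain and mediadrm_vendor_data_file rules`.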
diff --git a/widevine/sepolicy/hal_drm_widevine.te b/widevine/sepolicy/hal_drm_widevine.te
new file mode 100644
index 0000000..41e395a
--- /dev/null
+++ b/widevine/sepolicy/hal_drm_widevine.te
@@ -0,0 +1,5 @@
+type hal_drm_widevine, domain;
+type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_drm_widevine)
+
+#TODO: snehalreddy@ add sepolicy
diff --git a/widevine/sepolicy/service_contexts b/widevine/sepolicy/service_contexts
new file mode 100644
index 0000000..6989dde
--- /dev/null
+++ b/widevine/sepolicy/service_contexts
@@ -0,0 +1 @@
+android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0
diff --git a/widevine/widevine_v2.mk b/widevine/widevine_v2.mk
new file mode 100644
index 0000000..5cd914b
--- /dev/null
+++ b/widevine/widevine_v2.mk
@@ -0,0 +1,2 @@
+include device/google/gs-common/widevine/widevine.mk
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/widevine/sepolicy/
\ No newline at end of file
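Review bot: The `BOARD_VENDOR_SEPOLICY_DIRS +=` line is the last line of widevine_v2.mk and has no trailing newline, which makes later appends or concatenation with another fragment error-prone; end the file with a newline. Including this makefile also moves both DRM service binaries into the new domains, which have no rules yet, on every device that picks it up. A one-line comment above the include, such as `# Widevine HAL with dedicated sepolicy (hal_drm_widevine / hal_drm_clearkey domains)`, would tell integrators what they are opting into. If a device already declares these types or labels these paths in its own vendor policy, the build will likely fail on the duplicate, so that is worth checking before the first includer lands.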