From ea38f5c687cd74241cc46c809bc68ba73693cda4 Mon Sep 17 00:00:00 2001
From: Snehal Koukuntla <snehalreddy@google.com>
Date: Fri, 8 Nov 2024 17:04:21 +0000
Subject: [PATCH] Add widevine SELinux permissions for L1

839   839 I android.hardwar: type=1400 audit(0.0:982): avc:  denied  { read } for  name="system" dev="tmpfs" ino=1313 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=1

Bug: 363181505
Flag: EXEMPT bugfix
Change-Id: Ib9391b24f03a7306b8ba42c960d4c77c5bf148e8
---
 widevine/sepolicy/hal_drm_widevine.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/widevine/sepolicy/hal_drm_widevine.te b/widevine/sepolicy/hal_drm_widevine.te
index 9b4792e..98b49e6 100644
--- a/widevine/sepolicy/hal_drm_widevine.te
+++ b/widevine/sepolicy/hal_drm_widevine.te
@@ -10,4 +10,5 @@ allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
 allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
 
 #L1
-#TODO(snehalreddy@) : Add L1 permissions
+allow hal_drm_widevine dmabuf_system_heap_device:chr_file r_file_perms;
+