From 0a091e530835bc34f348dc513ca4db2471b96b37 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Wed, 8 Sep 2021 13:32:02 +0800 Subject: [PATCH] modulize drm modules Bug: 199232842 Test: boot with drm modules started Change-Id: Ic02f6c8498a4ac6cbda2b10b0e9647f733b54478 --- legacy/file.te | 3 --- legacy/file_contexts | 5 ----- legacy/hal_drm_default.te | 6 ------ widevine/file.te | 3 +++ widevine/file_contexts | 5 +++++ {legacy => widevine}/hal_drm_clearkey.te | 0 widevine/hal_drm_widevine.te | 10 ++++++++++ 7 files changed, 18 insertions(+), 14 deletions(-) delete mode 100644 legacy/hal_drm_default.te create mode 100644 widevine/file.te create mode 100644 widevine/file_contexts rename {legacy => widevine}/hal_drm_clearkey.te (100%) create mode 100644 widevine/hal_drm_widevine.te diff --git a/legacy/file.te b/legacy/file.te index f2726328..a2a26abc 100644 --- a/legacy/file.te +++ b/legacy/file.te @@ -58,9 +58,6 @@ type sysfs_wifi, sysfs_type, fs_type; # All files under /data/vendor/firmware/wifi type updated_wifi_firmware_data_file, file_type, data_file_type; -# Widevine DRM -type mediadrm_vendor_data_file, file_type, data_file_type; - # Storage Health HAL type sysfs_scsi_devices_0000, sysfs_type, fs_type; type debugfs_f2fs, debugfs_type, fs_type; diff --git a/legacy/file_contexts b/legacy/file_contexts index 3097fa29..0c685764 100644 --- a/legacy/file_contexts +++ b/legacy/file_contexts 
@@ -1,8 +1,6 @@ # # Exynos HAL # -/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.4-service\.widevine u:object_r:hal_drm_default_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service32 u:object_r:hal_usb_default_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.ExynosHWCServiceTW@1\.0-service u:object_r:hal_vendor_hwcservice_default_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0 @@ -59,9 +57,6 @@ /persist/sensorcal\.json u:object_r:sensors_cal_file:s0 -# data files -/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0 - # Camera /vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-service-google u:object_r:hal_camera_default_exec:s0 /vendor/lib64/camera u:object_r:vendor_camera_tuning_file:s0 diff --git a/legacy/hal_drm_default.te b/legacy/hal_drm_default.te deleted file mode 100644 index 30e443a8..00000000 --- a/legacy/hal_drm_default.te +++ /dev/null @@ -1,6 +0,0 @@ -# L3 -allow hal_drm_default mediadrm_vendor_data_file:file create_file_perms; -allow hal_drm_default mediadrm_vendor_data_file:dir create_dir_perms; - -# L1 -allow hal_drm_default dmabuf_system_heap_device:chr_file r_file_perms; diff --git a/widevine/file.te b/widevine/file.te new file mode 100644 index 00000000..a1e4e0ec --- /dev/null +++ b/widevine/file.te @@ -0,0 +1,3 @@ +# Widevine DRM +type mediadrm_vendor_data_file, file_type, data_file_type; + diff --git a/widevine/file_contexts b/widevine/file_contexts new file mode 100644 index 00000000..e1529417 --- /dev/null +++ b/widevine/file_contexts 
@@ -0,0 +1,5 @@
+/vendor/bin/hw/android\.hardware\.drm@1\.4-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+
+# Data
+/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
diff --git a/legacy/hal_drm_clearkey.te b/widevine/hal_drm_clearkey.te
similarity index 100%
rename from legacy/hal_drm_clearkey.te
rename to widevine/hal_drm_clearkey.te
diff --git a/widevine/hal_drm_widevine.te b/widevine/hal_drm_widevine.te
new file mode 100644
index 00000000..0e465719
--- /dev/null
+++ b/widevine/hal_drm_widevine.te
@@ -0,0 +1,10 @@
+type hal_drm_widevine, domain;
+type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_drm_widevine)
+
+# L3
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+
+# L1
+allow hal_drm_widevine dmabuf_system_heap_device:chr_file r_file_perms;
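Review bot: The widevine entry in widevine/file_contexts pins the HAL version literally (`drm@1\.4-service\.widevine`), while the clearkey entry beside it matches any version with `drm@[0-9]+\.[0-9]+`. If the Widevine service binary is later built against a different drm HAL version, this pattern will stop matching, the binary will presumably fall back to the generic vendor file label, and init will not transition it into the dedicated domain. Consider `/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.widevine u:object_r:hal_drm_widevine_exec:s0` so the two entries are written the same way. Both entries also drop the `(vendor|system/vendor)` prefix used by the removed legacy lines, which is only safe if no build of this device exposes these binaries under /system/vendor.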
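Review bot: The new `hal_drm_widevine` domain in widevine/hal_drm_widevine.te is set up with `init_daemon_domain` only, and nothing in the file associates it with the `hal_drm` attribute. The removed policy used `hal_drm_default`, which is normally declared as a drm HAL server in platform policy (not shown here), so the switch to a new type may drop the hwservice registration and binder rules the service relied on. Unless another file adds it, put `hal_server_domain(hal_drm_widevine, hal_drm)` after the `init_daemon_domain` line. "Boot with drm modules started" would not catch this if the domain was permissive during the test, so check for avc denials from `hal_drm_widevine` with the domain enforcing.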