modulize drm modules

Bug: 199232842 Test: boot with drm modules started Change-Id: Ic02f6c8498a4ac6cbda2b10b0e9647f733b54478
2021-09-08 13:32:02 +08:00 · 2021-09-08 13:32:02 +08:00 · 0a091e5308
commit 0a091e5308
parent ba469d27e4
7 changed files with 18 additions and 14 deletions
--- a/legacy/file.te
+++ b/legacy/file.te
@ -58,9 +58,6 @@ type sysfs_wifi, sysfs_type, fs_type;
 # All files under /data/vendor/firmware/wifi
 type updated_wifi_firmware_data_file, file_type, data_file_type;

-# Widevine DRM
-type mediadrm_vendor_data_file, file_type, data_file_type;
-
 # Storage Health HAL
 type sysfs_scsi_devices_0000, sysfs_type, fs_type;
 type debugfs_f2fs, debugfs_type, fs_type;
--- a/legacy/file_contexts
+++ b/legacy/file_contexts
@ -1,8 +1,6 @@
 #
 # Exynos HAL
 #
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.4-service\.widevine                    u:object_r:hal_drm_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey          u:object_r:hal_drm_clearkey_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service32                            u:object_r:hal_usb_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.ExynosHWCServiceTW@1\.0-service  u:object_r:hal_vendor_hwcservice_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.samsung_slsi\.hardware\.power@1\.0-service               u:object_r:hal_power_default_exec:s0
@ -59,9 +57,6 @@

 /persist/sensorcal\.json     u:object_r:sensors_cal_file:s0

-# data files
-/data/vendor/mediadrm(/.*)?  u:object_r:mediadrm_vendor_data_file:s0
-
 # Camera
 /vendor/bin/hw/android\.hardware\.camera\.provider@2\.7-service-google  u:object_r:hal_camera_default_exec:s0
 /vendor/lib64/camera                                                    u:object_r:vendor_camera_tuning_file:s0
--- a/legacy/hal_drm_default.te
+++ b/legacy/hal_drm_default.te
@ -1,6 +0,0 @@
-# L3
-allow hal_drm_default mediadrm_vendor_data_file:file create_file_perms;
-allow hal_drm_default mediadrm_vendor_data_file:dir create_dir_perms;
-
-# L1
-allow hal_drm_default dmabuf_system_heap_device:chr_file r_file_perms;
--- a/widevine/file.te
+++ b/widevine/file.te
@ -0,0 +1,3 @@
+# Widevine DRM
+type mediadrm_vendor_data_file, file_type, data_file_type;
+
--- a/widevine/file_contexts
+++ b/widevine/file_contexts
@ -0,0 +1,5 @@
+/vendor/bin/hw/android\.hardware\.drm@1\.4-service\.widevine                    u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey          u:object_r:hal_drm_clearkey_exec:s0
+
+# Data
+/data/vendor/mediadrm(/.*)?                                                     u:object_r:mediadrm_vendor_data_file:s0
--- a/widevine/hal_drm_clearkey.te
+++ b/widevine/hal_drm_clearkey.te
--- a/widevine/hal_drm_widevine.te
+++ b/widevine/hal_drm_widevine.te
@ -0,0 +1,10 @@
+type hal_drm_widevine, domain;
+type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_drm_widevine)
+
+# L3
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+
+# L1
+allow hal_drm_widevine dmabuf_system_heap_device:chr_file r_file_perms;