From e9d02e08f53a6b89fc24858077800def2039f450 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Wed, 20 Oct 2021 10:05:15 +0800
Subject: [PATCH] fix widevine drm access

Bug: 202906980
Test: boot with no relevant logs

Change-Id: Idc37f7e1441d9fae1f570bc53ff67a7a48656ed3
---
 tracking_denials/hal_drm_widevine.te | 4 ----
 widevine/hal_drm_widevine.te         | 2 ++
 2 files changed, 2 insertions(+), 4 deletions(-)
 delete mode 100644 tracking_denials/hal_drm_widevine.te

diff --git a/tracking_denials/hal_drm_widevine.te b/tracking_denials/hal_drm_widevine.te
deleted file mode 100644
index 577c7424..00000000
--- a/tracking_denials/hal_drm_widevine.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/202906980
-dontaudit hal_drm_widevine hal_drm_hwservice:hwservice_manager { add };
-dontaudit hal_drm_widevine hal_drm_hwservice:hwservice_manager { find };
-dontaudit hal_drm_widevine hidl_base_hwservice:hwservice_manager { add };
diff --git a/widevine/hal_drm_widevine.te b/widevine/hal_drm_widevine.te
index 0e465719..1ecfa920 100644
--- a/widevine/hal_drm_widevine.te
+++ b/widevine/hal_drm_widevine.te
@@ -2,6 +2,8 @@ type hal_drm_widevine, domain;
 type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_drm_widevine)
 
+hal_server_domain(hal_drm_widevine, hal_drm)
+
 # L3
 allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
 allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;