tangorpro: sepolicy: Add missing castkey sepolicy

Change-Id: I24045ad4ebd36912d434042ed11d0d4ab5f1af9b
2025-06-22 13:53:50 +03:00 · 2025-06-22 13:53:50 +03:00 · ef7e54bbb0
commit ef7e54bbb0
parent ddc7d0a6fd
5 changed files with 19 additions and 0 deletions
--- a/sepolicy/castkey/file.te
+++ b/sepolicy/castkey/file.te
@ -0,0 +1 @@
+type device_cert_file, file_type, vendor_persist_type;
--- a/sepolicy/castkey/file_contexts
+++ b/sepolicy/castkey/file_contexts
@ -0,0 +1,4 @@
+/vendor/bin/hw/android\.hardware\.drm-service\.castkey u:object_r:hal_drm_cast_exec:s0
+
+# Cert
+/mnt/vendor/persist/nest/cast_auth\.crt                u:object_r:device_cert_file:s0
--- a/sepolicy/castkey/hal_drm_castkey.te
+++ b/sepolicy/castkey/hal_drm_castkey.te
@ -0,0 +1,10 @@
+type hal_drm_cast, domain;
+type hal_drm_cast_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(hal_drm_cast)
+
+hal_server_domain(hal_drm_cast, hal_drm)
+
+# Cert
+allow hal_drm_cast mnt_vendor_file:dir search;
+allow hal_drm_cast persist_file:dir search;
+allow hal_drm_cast device_cert_file:file r_file_perms;
--- a/sepolicy/castkey/service_contexts
+++ b/sepolicy/castkey/service_contexts
@ -0,0 +1 @@
+android.hardware.drm.IDrmFactory/castkey                         u:object_r:hal_drm_service:s0
--- a/sepolicy/tangorpro-sepolicy.mk
+++ b/sepolicy/tangorpro-sepolicy.mk
@ -2,6 +2,9 @@
 BOARD_SEPOLICY_DIRS += device/google/tangorpro/sepolicy/vendor
 BOARD_SEPOLICY_DIRS += device/google/tangorpro/sepolicy/tracking_denials

+# castkey
+BOARD_SEPOLICY_DIRS += device/google/tangorpro/sepolicy/castkey
+
 # fingerprint
 BOARD_SEPOLICY_DIRS += device/google/tangorpro/sepolicy/fingerprint_capacitance
				`@ -0,0 +1 @@`
				`type device_cert_file, file_type, vendor_persist_type;`
				`@ -0,0 +1 @@`
				`android.hardware.drm.IDrmFactory/castkey u:object_r:hal_drm_service:s0`