From 67ea1fb3ae80b4ba15fafb347712ac8b2b28bee5 Mon Sep 17 00:00:00 2001 From: Konsta Date: Sat, 15 Mar 2025 02:20:23 +0200 Subject: [PATCH] drm: switch clearkey to apex --- device.mk | 2 +- sepolicy/file.te | 1 + sepolicy/file_contexts | 3 +-- sepolicy/hal_drm_clearkey.te | 7 +------ sepolicy/hal_drm_widevine.te | 11 +++-------- 5 files changed, 7 insertions(+), 17 deletions(-) create mode 100644 sepolicy/file.te diff --git a/device.mk b/device.mk index 18da6f8..09b8cb1 100644 --- a/device.mk +++ b/device.mk @@ -148,7 +148,7 @@ PRODUCT_SET_DEBUGFS_RESTRICTIONS := false # DRM PRODUCT_PACKAGES += \ - android.hardware.drm-service.clearkey + com.android.hardware.drm.clearkey # Emergency info PRODUCT_PACKAGES += \ diff --git a/sepolicy/file.te b/sepolicy/file.te new file mode 100644 index 0000000..3afd706 --- /dev/null +++ b/sepolicy/file.te @@ -0,0 +1 @@ +type mediadrm_vendor_data_file, file_type, data_file_type; diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts index b68e8f3..716a3e4 100644 --- a/sepolicy/file_contexts +++ b/sepolicy/file_contexts @@ -7,8 +7,7 @@ /vendor/bin/hw/android\.hardware\.tv\.cec@1\.0-service\.rpi u:object_r:hal_tv_cec_default_exec:s0 # DRM -/vendor/bin/hw/android\.hardware\.drm-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 -/vendor/bin/hw/android\.hardware\.drm-service\.widevine(.*)? u:object_r:hal_drm_widevine_exec:s0 +/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0 # FFmpeg /vendor/bin/hw/android\.hardware\.media\.c2@1\.2-service-ffmpeg u:object_r:mediacodec_exec:s0 diff --git a/sepolicy/hal_drm_clearkey.te b/sepolicy/hal_drm_clearkey.te index 624e17f..0e0a5c2 100644 --- a/sepolicy/hal_drm_clearkey.te +++ b/sepolicy/hal_drm_clearkey.te @@ -1,10 +1,5 @@ type hal_drm_clearkey, domain; -type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type; - +type hal_drm_clearkey_exec, vendor_file_type, exec_type, file_type; init_daemon_domain(hal_drm_clearkey) hal_server_domain(hal_drm_clearkey, hal_drm) - -vndbinder_use(hal_drm_clearkey); - -allow hal_drm_clearkey hal_allocator_server:fd use; diff --git a/sepolicy/hal_drm_widevine.te b/sepolicy/hal_drm_widevine.te index 669a93c..08b6582 100644 --- a/sepolicy/hal_drm_widevine.te +++ b/sepolicy/hal_drm_widevine.te @@ -1,13 +1,8 @@ type hal_drm_widevine, domain; -type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type; - +type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type; init_daemon_domain(hal_drm_widevine) hal_server_domain(hal_drm_widevine, hal_drm) -vndbinder_use(hal_drm_widevine); - -allow hal_drm_widevine hal_allocator_server:fd use; -allow hal_drm mediacodec:fd use; - -hal_client_domain(hal_drm_widevine, hal_graphics_composer); +allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms; +allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;