Merge "Add widevine SELinux permissions" into main

commit: 13e34cc96a83c2d8b0b58b34206586c07e9feda3 [log] [tgz]
author: Snehal Koukuntla <snehalreddy@google.com> Wed Sep 04 08:42:49 2024 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Wed Sep 04 08:42:49 2024 +0000
tree: 5946e2ca68f60cff2e0cb416f89e529c91881c54
parent: 6ec23c152f7da13f6e908d13bbe6d86aa0d8fa9a [diff]
parent: bd3767ae16a3e11166c95d9ecd3bbccc5800ba09 [diff]
diff --git a/widevine/sepolicy/hal_drm_clearkey.te b/widevine/sepolicy/hal_drm_clearkey.te
index 81ecfb9..fff4f0d 100644
--- a/widevine/sepolicy/hal_drm_clearkey.te
+++ b/widevine/sepolicy/hal_drm_clearkey.te

@@ -1,5 +1,6 @@
+# sepolicy for DRM clearkey
 type hal_drm_clearkey, domain;
 type hal_drm_clearkey_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_drm_clearkey)
 
-#TODO: snehalreddy@ add sepolicy
+hal_server_domain(hal_drm_clearkey, hal_drm)

diff --git a/widevine/sepolicy/hal_drm_widevine.te b/widevine/sepolicy/hal_drm_widevine.te
index 41e395a..9b4792e 100644
--- a/widevine/sepolicy/hal_drm_widevine.te
+++ b/widevine/sepolicy/hal_drm_widevine.te

@@ -1,5 +1,13 @@
+# sepolicy for DRM widevine
 type hal_drm_widevine, domain;
 type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_drm_widevine)
 
-#TODO: snehalreddy@ add sepolicy
+hal_server_domain(hal_drm_widevine, hal_drm)
+
+# L3
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+
+#L1
+#TODO(snehalreddy@) : Add L1 permissions
commit	13e34cc96a83c2d8b0b58b34206586c07e9feda3	[log] [tgz]
author	Snehal Koukuntla <snehalreddy@google.com>	Wed Sep 04 08:42:49 2024 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Wed Sep 04 08:42:49 2024 +0000
tree	5946e2ca68f60cff2e0cb416f89e529c91881c54
parent	6ec23c152f7da13f6e908d13bbe6d86aa0d8fa9a [diff]
parent	bd3767ae16a3e11166c95d9ecd3bbccc5800ba09 [diff]