Merge "gs-common: nfc: st21nfc: Add rules for android.hardware.nfc-service.st" into main
diff --git a/storage/sepolicy/device.te b/storage/sepolicy/device.te
index e0968f9..1252ee0 100644
--- a/storage/sepolicy/device.te
+++ b/storage/sepolicy/device.te
@@ -1,2 +1,11 @@
 # Userdata Exp block device.
 type userdata_exp_block_device, dev_type;
+
+# Block Devices
+type persist_block_device, dev_type;
+type efs_block_device, dev_type;
+type modem_userdata_block_device, dev_type;
+
+# Storage firmware upgrade
+type ufs_internal_block_device, dev_type;
+
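Review bot: The four types declared here (`persist_block_device`, `efs_block_device`, `modem_userdata_block_device`, `ufs_internal_block_device`) get no matching `/dev/block/by-name/...` entry in this commit; the storage/sepolicy/file_contexts hunk only adds the `ufs_firmware_update.sh` label. If the nodes are not labelled in some other file_contexts, they keep the generic block-device label and rules written against the new types will never match. That usually shows up later as a denial, which is tempting to fix by granting access to the generic type. Either add the by-name entries beside the existing `userdata_exp` line, or add a comment saying where they are labelled, e.g. `# Labelled per device in <device file_contexts path>`.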
diff --git a/storage/sepolicy/file_contexts b/storage/sepolicy/file_contexts
index 30335eb..1ef5a67 100644
--- a/storage/sepolicy/file_contexts
+++ b/storage/sepolicy/file_contexts
@@ -1,6 +1,9 @@
+# storage
 /vendor/bin/dump/dump_storage      u:object_r:dump_storage_exec:s0
 /sys/devices/platform/[0-9a-z]+\.ufs/pixel/enable_pixel_ufs_logging  u:object_r:sysfs_scsi_devices_0000:s0
 /dev/sg[0-9]                       u:object_r:sg_device:s0
 /data/vendor/storage(/.*)?         u:object_r:dump_storage_data_file:s0
 /vendor/bin/sg_read_buffer         u:object_r:sg_util_exec:s0
 /dev/block/by-name/userdata_exp.*  u:object_r:userdata_exp_block_device:s0
+/vendor/bin/ufs_firmware_update\.sh                                  u:object_r:ufs_firmware_update_exec:s0
+
diff --git a/storage/sepolicy/ufs_firmware_update.te b/storage/sepolicy/ufs_firmware_update.te
index 1b92976..2313121 100644
--- a/storage/sepolicy/ufs_firmware_update.te
+++ b/storage/sepolicy/ufs_firmware_update.te
@@ -1,5 +1,7 @@
 # support ufs ffu via ota
 init_daemon_domain(ufs_firmware_update)
+type ufs_firmware_update, domain;
+type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type;
 
 # support ufs ffu via ota
 allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans;
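Review bot: The two added `type` declarations sit after `init_daemon_domain(ufs_firmware_update)`, which already refers to both types, whereas the hal_drm_*.te files in this same commit declare first and call the macro afterwards. Move the `type ufs_firmware_update, domain;` and `type ufs_firmware_update_exec, ...;` lines above the macro so the file reads in declaration order. Because the macro call predates this change, the types were presumably declared somewhere else, so confirm that the older declaration is removed in the same topic and does not collide with this one. The comment `# support ufs ffu via ota` now appears twice; the first could become `# Domain for the UFS field firmware update (FFU) script run via OTA`. The rest of the file lies outside this hunk.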
diff --git a/widevine/sepolicy/hal_drm_clearkey.te b/widevine/sepolicy/hal_drm_clearkey.te
index 81ecfb9..fff4f0d 100644
--- a/widevine/sepolicy/hal_drm_clearkey.te
+++ b/widevine/sepolicy/hal_drm_clearkey.te
@@ -1,5 +1,6 @@
+# sepolicy for DRM clearkey
 type hal_drm_clearkey, domain;
 type hal_drm_clearkey_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_drm_clearkey)
 
-#TODO: snehalreddy@ add sepolicy
+hal_server_domain(hal_drm_clearkey, hal_drm)
diff --git a/widevine/sepolicy/hal_drm_widevine.te b/widevine/sepolicy/hal_drm_widevine.te
index 41e395a..9b4792e 100644
--- a/widevine/sepolicy/hal_drm_widevine.te
+++ b/widevine/sepolicy/hal_drm_widevine.te
@@ -1,5 +1,13 @@
+# sepolicy for DRM widevine
 type hal_drm_widevine, domain;
 type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_drm_widevine)
 
-#TODO: snehalreddy@ add sepolicy
+hal_server_domain(hal_drm_widevine, hal_drm)
+
+# L3
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+
+#L1
+#TODO(snehalreddy@) : Add L1 permissions
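Review bot: The `# L3` and `#L1` comments do not say what they refer to, and the L1 TODO has only an owner and no tracking reference, so it is easy to lose once this merges. Spell the comments out and use consistent spacing, e.g. `# Widevine L3 (software-only): state under mediadrm_vendor_data_file` and `# Widevine L1 (TEE-backed)`. Replace the TODO with a bug-tracked form such as `# TODO(b/<bug-id>): add L1 permissions`. When the L1 rules are added, scope them to the specific device or service types the HAL needs rather than broad attributes, in line with the narrow L3 grants above.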