Revert^2 "add sepolicy type for widevine/drm hal in system" This reverts commit a0e696357c7f3da72ebdb6237b2343e6b8a7afac. Reason for revert: https://googleplex-android-review.git.corp.google.com/q/hashtag:%22b/398929391%22+(status:open%20OR%20status:merged) Change-Id: I379734cc1adb33b874ba35daa9ace7485c79baa8

commit: acfeaa6010dc653e91f3696c093024239824b699 [log] [tgz]
author: Armelle Laine <armellel@google.com> Thu Feb 27 22:17:51 2025 -0800
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Feb 27 22:17:51 2025 -0800
tree: b92934d0b801a4b9108f61e86c4b38a903ab7bab
parent: a0e696357c7f3da72ebdb6237b2343e6b8a7afac [diff] [blame]
diff --git a/private/hal_drm.te b/private/hal_drm.te
index 211fbb7..f24c326 100644
--- a/private/hal_drm.te
+++ b/private/hal_drm.te

@@ -33,7 +33,7 @@
 allow hal_drm_server shell:fifo_file write;
 
 # Allow access to ion memory allocation device
-allow hal_drm ion_device:chr_file rw_file_perms;
+allow { hal_drm -hal_widevine_system } ion_device:chr_file rw_file_perms;
 allow hal_drm hal_graphics_allocator:fd use;
 
 # Allow access to hidl_memory allocation service
@@ -42,9 +42,9 @@
 # Allow access to fds allocated by mediaserver
 allow hal_drm mediaserver:fd use;
 
-allow hal_drm sysfs:file r_file_perms;
+allow { hal_drm -hal_widevine_system } sysfs:file r_file_perms;
 
-allow hal_drm tee_device:chr_file rw_file_perms;
+allow { hal_drm -hal_widevine_system } tee_device:chr_file rw_file_perms;
 
 allow hal_drm_server { appdomain -isolated_app }:fd use;
commit	acfeaa6010dc653e91f3696c093024239824b699	[log] [tgz]
author	Armelle Laine <armellel@google.com>	Thu Feb 27 22:17:51 2025 -0800
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Feb 27 22:17:51 2025 -0800
tree	b92934d0b801a4b9108f61e86c4b38a903ab7bab
parent	a0e696357c7f3da72ebdb6237b2343e6b8a7afac [diff] [blame]