commit ea494f23bdc82ea546affd669a1ed7157b7dfa43
author Armelle Laine <armellel@google.com> Fri Jan 24 23:32:02 2025 +0000
committer Armelle Laine <armellel@google.com> Sun Feb 23 07:45:13 2025 +0000
tree b92934d0b801a4b9108f61e86c4b38a903ab7bab
parent 87df87e2f4bc35e7ba6129d5057c6091cbc2d8ae

add sepolicy type for widevine/drm hal in system

Bug: 371777025
Test: lunch qemu_trusty_arm64-trunk_staging-userdebug
Change-Id: I4eb0cbd376ad598c6b9dc7a9ed32e696225bc253

private/hal_widevine_system.te

diff --git a/private/hal_widevine_system.te b/private/hal_widevine_system.te
new file mode 100644
index 0000000..57213b3
--- /dev/null
+++ b/private/hal_widevine_system.te
@@ -0,0 +1,7 @@
+type hal_widevine_system, domain, coredomain;
+hal_server_domain(hal_widevine_system, hal_drm)
+
+type hal_widevine_system_exec, exec_type, system_file_type, file_type;
+init_daemon_domain(hal_widevine_system)
+
+allow hal_widevine_system self:vsock_socket { create_socket_perms_no_ioctl };