# DRM
PRODUCT_PACKAGES += \
android.hardware.drm@1.0-impl \
- android.hardware.drm@1.0-service
+ android.hardware.drm@1.0-service \
+ android.hardware.drm@1.3-service.clearkey
# Flat device tree for boot image
PRODUCT_HOST_PACKAGES += \
### data types
type display_vendor_data_file, file_type, data_file_type;
+
+type mediadrm_vendor_data_file, file_type, data_file_type;
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.samsung-exynos u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.samsung u:object_r:hal_lineage_touch_default_exec:s0
-
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.samsung u:object_r:hal_light_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.samsung u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service\.exynos u:object_r:hal_power_default_exec:s0
--- /dev/null
+# hal_drm_clearkey.te
+
+# policy for /vendor/bin/hw/android.hardware.drm clearkey service
+type hal_drm_clearkey, domain;
+type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_drm_clearkey)
+
+hal_server_domain(hal_drm_clearkey, hal_drm)
+
+vndbinder_use(hal_drm_clearkey);
+
+allow hal_drm_clearkey { appdomain -isolated_app }:fd use;
+
+allow hal_drm_clearkey mediadrm_vendor_data_file:dir create_dir_perms;
+allow hal_drm_clearkey mediadrm_vendor_data_file:file create_file_perms;
projects / GitHub / LineageOS / android_device_samsung_universal7580-common.git / commitdiff