From e157b080683cfc5d76ea33644b2d80ede0fb8612 Mon Sep 17 00:00:00 2001
From: Robert Shih <robertshih@google.com>
Date: Mon, 25 Nov 2019 22:25:42 -0800
Subject: [PATCH] universal7580: Enable v1.3 clearkey drm plugin

Bug: 139134043
Test: MediaDrmTest
Change-Id: Ie34e59947577988f75fae52d22e3f573f4b92420
Signed-off-by: Arian <arian.kulmer@web.de>
---
 device-common.mk             |  3 ++-
 sepolicy/file.te             |  2 ++
 sepolicy/file_contexts       |  2 +-
 sepolicy/hal_drm_clearkey.te | 16 ++++++++++++++++
 4 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 sepolicy/hal_drm_clearkey.te

diff --git a/device-common.mk b/device-common.mk
index c93a52d..54c3123 100644
--- a/device-common.mk
+++ b/device-common.mk
@@ -55,7 +55,8 @@ PRODUCT_PACKAGES += \
 # DRM
 PRODUCT_PACKAGES += \
     android.hardware.drm@1.0-impl \
-    android.hardware.drm@1.0-service
+    android.hardware.drm@1.0-service \
+    android.hardware.drm@1.3-service.clearkey
 
 # Flat device tree for boot image
 PRODUCT_HOST_PACKAGES += \
diff --git a/sepolicy/file.te b/sepolicy/file.te
index 47d1f33..5ba3899 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -50,3 +50,5 @@ type sysfs_sswap, sysfs_type, fs_type, mlstrustedobject;
 
 ### data types
 type display_vendor_data_file, file_type, data_file_type;
+
+type mediadrm_vendor_data_file, file_type, data_file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 2fcfe4f..339efd7 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -164,7 +164,7 @@
 
 /(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.samsung-exynos    u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.samsung                 u:object_r:hal_lineage_touch_default_exec:s0
-
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.3-service\.clearkey                u:object_r:hal_drm_clearkey_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.samsung               u:object_r:hal_light_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.samsung u:object_r:hal_fingerprint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service\.exynos                u:object_r:hal_power_default_exec:s0
diff --git a/sepolicy/hal_drm_clearkey.te b/sepolicy/hal_drm_clearkey.te
new file mode 100644
index 0000000..22ff18c
--- /dev/null
+++ b/sepolicy/hal_drm_clearkey.te
@@ -0,0 +1,16 @@
+# hal_drm_clearkey.te
+
+# policy for /vendor/bin/hw/android.hardware.drm clearkey service
+type hal_drm_clearkey, domain;
+type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_drm_clearkey)
+
+hal_server_domain(hal_drm_clearkey, hal_drm)
+
+vndbinder_use(hal_drm_clearkey);
+
+allow hal_drm_clearkey { appdomain -isolated_app }:fd use;
+
+allow hal_drm_clearkey mediadrm_vendor_data_file:dir create_dir_perms;
+allow hal_drm_clearkey mediadrm_vendor_data_file:file create_file_perms;
-- 
2.20.1