mirror of
https://github.com/AetherDroid/android_device_samsung_universal7570-common.git
synced 2025-09-04 23:47:47 -04:00
universal7870: rework drm sepolicy
This commit is contained in:
Alejandro
parent
b2dd95350b
commit
2356defaed
6 changed files with 51 additions and 3 deletions
|
|
@ -51,11 +51,15 @@ type sysfs_sswap, sysfs_type, fs_type, mlstrustedobject;
|
|||
|
||||
### data types
|
||||
type biometrics_vendor_data_file, file_type, data_file_type;
|
||||
type camera_vendor_data_file, file_type, data_file_type;
|
||||
type conn_vendor_data_file, file_type, data_file_type;
|
||||
type display_vendor_data_file, file_type, data_file_type;
|
||||
type gk_vendor_data_file, file_type, data_file_type;
|
||||
type gps_vendor_data_file, file_type, data_file_type;
|
||||
type log_vendor_data_file, file_type, data_file_type;
|
||||
type log_cbd_vendor_data_file, file_type, data_file_type;
|
||||
type media_vendor_data_file, file_type, data_file_type;
|
||||
type mediadrm_vendor_data_file, file_type, data_file_type;
|
||||
type radio_vendor_data_file, file_type, data_file_type;
|
||||
type sswap_vendor_data_file, file_type, data_file_type;
|
||||
type wifi_vendor_data_file, file_type, data_file_type;
|
||||
|
|
@ -87,7 +87,6 @@
|
|||
/data/\.cid\.info u:object_r:wifi_data_file:s0
|
||||
/data/misc/conn/\.wifiver\.info u:object_r:wifi_data_file:s0
|
||||
/data/misc/radio(/.*)? u:object_r:radio_data_file:s0
|
||||
/data/vendor/display(/.*)? u:object_r:display_vendor_data_file:s0
|
||||
|
||||
# gps
|
||||
/data/system/gps(/.*)? u:object_r:gps_data_file:s0
|
||||
|
|
@ -109,6 +108,13 @@
|
|||
/data/vendor/log/cbd(/.*)? u:object_r:log_cbd_vendor_data_file:s0
|
||||
/data/vendor/secradio(/.*)? u:object_r:radio_vendor_data_file:s0
|
||||
|
||||
/data/vendor/camera(/.*)? u:object_r:camera_vendor_data_file:s0
|
||||
/data/vendor/display(/.*)? u:object_r:display_vendor_data_file:s0
|
||||
/data/vendor/media(/.*)? u:object_r:media_vendor_data_file:s0
|
||||
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
|
||||
/data/vendor/gk(/.*)? u:object_r:gk_vendor_data_file:s0
|
||||
/data/camera(/.*)? u:object_r:camera_data_file:s0
|
||||
|
||||
####################################
|
||||
# sysfs files
|
||||
#/sys/class/power_supply/battery/music -- u:object_r:sysfs_writable:s0
|
||||
|
|
@ -202,6 +208,9 @@
|
|||
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.livedisplay@2\.0-service\.samsung-exynos u:object_r:hal_lineage_livedisplay_sysfs_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.samsung u:object_r:hal_lineage_touch_default_exec:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@[0-9]\.[0-9]-service\.widevine u:object_r:hal_drm_widevine_exec:s0
|
||||
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.samsung u:object_r:hal_light_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.samsung u:object_r:hal_fingerprint_default_exec:s0
|
||||
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service\.exynos u:object_r:hal_power_default_exec:s0
|
||||
|
|
|
|||
10
sepolicy/hal_drm_clearkey.te
Normal file
10
sepolicy/hal_drm_clearkey.te
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
# hal_drm_clearkey.te
|
||||
|
||||
type hal_drm_clearkey, domain;
|
||||
hal_server_domain(hal_drm_clearkey, hal_drm)
|
||||
|
||||
type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_drm_clearkey)
|
||||
|
||||
hwbinder_use(hal_drm_clearkey)
|
||||
get_prop(hal_drm_clearkey, hwservicemanager_prop)
|
||||
|
|
@ -6,5 +6,5 @@ allow hal_drm_default tee:unix_stream_socket connectto;
|
|||
allow hal_drm_default efs_file:dir search;
|
||||
allow hal_drm_default cpk_efs_file:file r_file_perms;
|
||||
|
||||
# allow hal_drm_default media_data_vendor_file:file create_file_perms;
|
||||
# allow hal_drm_default media_data_vendor_file:dir create_dir_perms;
|
||||
allow hal_drm_default media_vendor_data_file:file create_file_perms;
|
||||
allow hal_drm_default media_vendor_data_file:dir create_dir_perms;
|
||||
|
|
|
|||
23
sepolicy/hal_drm_widevine.te
Normal file
23
sepolicy/hal_drm_widevine.te
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
# hal_drm_widevine.te
|
||||
type hal_drm_widevine, domain;
|
||||
hal_server_domain(hal_drm_widevine, hal_drm)
|
||||
|
||||
type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_drm_widevine)
|
||||
|
||||
allow hal_drm_widevine mediacodec:fd use;
|
||||
allow hal_drm_widevine { appdomain -isolated_app }:fd use;
|
||||
|
||||
# /data/vendor/mediadrm/
|
||||
allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
|
||||
allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
|
||||
|
||||
# /dev/s5p-smem
|
||||
allow hal_drm_widevine secmem_device:chr_file rw_file_perms;
|
||||
|
||||
# /dev/tzdev
|
||||
#allow hal_drm_widevine tz_user_device:chr_file rw_file_perms;
|
||||
|
||||
# /efs/wv.keys
|
||||
allow hal_drm_widevine efs_file:dir search;
|
||||
allow hal_drm_widevine sec_efs_file:file r_file_perms;
|
||||
|
|
@ -93,3 +93,5 @@ allow init proc_sec:file { rw_file_perms setattr };
|
|||
|
||||
# Sockets
|
||||
allow init socket_device:sock_file { read write getattr setattr create unlink };
|
||||
|
||||
# allow init hal_drm_hwservice:hwservice_manager add;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue