Add selinux policy to enable access to DVB API on Android TV
Bug: 20112245
Change-Id: I57a58905b0de714d4e9153e61a3bf29ac51624c8
diff --git a/products/atv_base.mk b/products/atv_base.mk
index 73d946b..d1db059 100644
--- a/products/atv_base.mk
+++ b/products/atv_base.mk
@@ -111,6 +111,9 @@
device/google/atv/permissions/com.google.android.tv.installed.xml:system/etc/permissions/com.google.android.tv.installed.xml
endif
+# To enable access to /dev/dvb*
+BOARD_SEPOLICY_DIRS += device/google/atv/sepolicy
+
$(call inherit-product-if-exists, frameworks/base/data/sounds/AllAudio.mk)
$(call inherit-product-if-exists, external/svox/pico/lang/all_pico_languages.mk)
$(call inherit-product-if-exists, frameworks/base/data/fonts/fonts.mk)
diff --git a/sepolicy/device.te b/sepolicy/device.te
new file mode 100644
index 0000000..adae882
--- /dev/null
+++ b/sepolicy/device.te
@@ -0,0 +1,2 @@
+# DVB API device node
+type dvb_device, dev_type, mlstrustedobject;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
new file mode 100644
index 0000000..dbb329b
--- /dev/null
+++ b/sepolicy/file_contexts
@@ -0,0 +1,2 @@
+# DVB API device nodes
+/dev/dvb.* u:object_r:dvb_device:s0
diff --git a/sepolicy/system_service.te b/sepolicy/system_service.te
new file mode 100644
index 0000000..d0bef2f
--- /dev/null
+++ b/sepolicy/system_service.te
@@ -0,0 +1 @@
+allow system_server dvb_device:chr_file rw_file_perms;
diff --git a/sepolicy/untrusted_app.te b/sepolicy/untrusted_app.te
new file mode 100644
index 0000000..8f23f4e
--- /dev/null
+++ b/sepolicy/untrusted_app.te
@@ -0,0 +1 @@
+allow untrusted_app dvb_device:chr_file rw_file_perms;
