commit a8622232c91685b7d86991e4ff07bfd01dc81b5a
author Robert Shih <robertshih@google.com> Tue Sep 01 00:41:05 2020 -0700
committer Robert Shih <robertshih@google.com> Wed Oct 28 18:31:30 2020 +0000
tree 7b520664b102997209b70d38f20c0855cc4ea1cb
parent 56b67440bbc3d5ded5d2fd29749144cc6029ea6f

Add SEPolicy rule for hal_drm_widevine

1. Add node /dev/qce.
2. Allow hal_drm_widevine r/w qce_device

Test: GtsMediaTestCases
Bug: 164895342
Change-Id: I31a8d587477a18466a9e189be9b24bbcfdb76a6b

vendor/qcom/common/file_contexts

diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index f329e37..9004bb2 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -275,6 +275,7 @@
 /dev/msm_.*                                     u:object_r:audio_device:s0
 /dev/ramdump_.*                                 u:object_r:ramdump_device:s0
 /dev/at_.*                                      u:object_r:at_device:s0
+/dev/qce                                        u:object_r:qce_device:s0
 
 # dev socket nodes
 /dev/socket/ipacm_log_file                      u:object_r:ipacm_socket:s0

vendor/qcom/common/hal_drm_widevine.te

diff --git a/vendor/qcom/common/hal_drm_widevine.te b/vendor/qcom/common/hal_drm_widevine.te
index 0b3e295..2f8fbdd 100644
--- a/vendor/qcom/common/hal_drm_widevine.te
+++ b/vendor/qcom/common/hal_drm_widevine.te
@@ -11,3 +11,5 @@
 binder_call(hal_drm_widevine, hal_graphics_composer_default)
 
 allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+
+allow hal_drm_widevine qce_device:chr_file rw_file_perms;