Add SEPolicy rule for hal_drm_widevine
1. Add node /dev/qce.
2. Allow hal_drm_widevine r/w qce_device
Test: GtsMediaTestCases
Bug: 164895342
Change-Id: I31a8d587477a18466a9e189be9b24bbcfdb76a6b
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index f329e37..9004bb2 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -275,6 +275,7 @@
/dev/msm_.* u:object_r:audio_device:s0
/dev/ramdump_.* u:object_r:ramdump_device:s0
/dev/at_.* u:object_r:at_device:s0
+/dev/qce u:object_r:qce_device:s0
# dev socket nodes
/dev/socket/ipacm_log_file u:object_r:ipacm_socket:s0
diff --git a/vendor/qcom/common/hal_drm_widevine.te b/vendor/qcom/common/hal_drm_widevine.te
index 0b3e295..2f8fbdd 100644
--- a/vendor/qcom/common/hal_drm_widevine.te
+++ b/vendor/qcom/common/hal_drm_widevine.te
@@ -11,3 +11,5 @@
binder_call(hal_drm_widevine, hal_graphics_composer_default)
allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+
+allow hal_drm_widevine qce_device:chr_file rw_file_perms;