Add SELinux policy for clearkey HIDL service.
Convert clearkey plugin to HIDL to support drm HAL v1.1.
Add SELinux policy for android.hardware.drm@1.1-service.clearkey.
Test: CTS test
ANDROID_BUILD_TOP= ./android-ccts-tradefed run cts-dev
--module CtsMediaTestCases
-t android.media.cts.ClearKeySystemTest#testClearKeyPlaybackCenc
Merged-In: I61e9c272c2a2788fd07d5c12921d28c785661b77
bug: 69635855
Change-Id: I95514186b08a0f1da195817e4b189e09bb668b00
diff --git a/manifest.xml b/manifest.xml
index fd39618..10808fb 100644
--- a/manifest.xml
+++ b/manifest.xml
@@ -83,15 +83,17 @@
<hal format="hidl">
<name>android.hardware.drm</name>
<transport>hwbinder</transport>
- <version>1.0</version>
+ <version>1.1</version>
<interface>
<name>ICryptoFactory</name>
<instance>widevine</instance>
+ <instance>clearkey</instance>
<instance>default</instance>
</interface>
<interface>
<name>IDrmFactory</name>
<instance>widevine</instance>
+ <instance>clearkey</instance>
<instance>default</instance>
</interface>
</hal>
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 423a0eb..87fc434 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -112,11 +112,12 @@
/vendor/bin/nanoapp_cmd u:object_r:nanoapp_cmd_exec:s0
# files in /vendor
-/vendor/bin/hw/android\.hardware\.drm@1\.0-service.widevine u:object_r:hal_drm_widevine_exec:s0
-/vendor/bin/hw/android\.hardware\.dumpstate@1\.0-service.marlin u:object_r:hal_dumpstate_impl_exec:s0
-/vendor/bin/hw/android\.hardware\.power@1\.1-service.marlin u:object_r:hal_power_default_exec:s0
-/vendor/bin/hw/android\.hardware\.usb@1\.1-service.marlin u:object_r:hal_usb_default_exec:s0
-/vendor/bin/hw/android\.hardware\.vibrator@1\.0-service.marlin u:object_r:hal_vibrator_default_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@1\.1-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
+/vendor/bin/hw/android\.hardware\.dumpstate@1\.0-service\.marlin u:object_r:hal_dumpstate_impl_exec:s0
+/vendor/bin/hw/android\.hardware\.power@1\.1-service\.marlin u:object_r:hal_power_default_exec:s0
+/vendor/bin/hw/android\.hardware\.usb@1\.1-service\.marlin u:object_r:hal_usb_default_exec:s0
+/vendor/bin/hw/android\.hardware\.vibrator@1\.0-service\.marlin u:object_r:hal_vibrator_default_exec:s0
/vendor/bin/msm_irqbalance u:object_r:irqbalance_exec:s0
/vendor/bin/nanohub_slpi u:object_r:nanohub_slpi_exec:s0
/vendor/bin/perfd u:object_r:perfd_exec:s0
diff --git a/sepolicy/hal_drm_clearkey.te b/sepolicy/hal_drm_clearkey.te
new file mode 100644
index 0000000..976b9fa
--- /dev/null
+++ b/sepolicy/hal_drm_clearkey.te
@@ -0,0 +1,11 @@
+# policy for /vendor/bin/hw/android.hardware.drm@1.1-service.clearkey
+type hal_drm_clearkey, domain;
+type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_drm_clearkey)
+
+hal_server_domain(hal_drm_clearkey, hal_drm)
+
+vndbinder_use(hal_drm_clearkey);
+
+allow hal_drm_clearkey { appdomain -isolated_app }:fd use;
