Revoke access to /dev/binder from Widevine DRM HAL.
Test: Play Movies & TV (streaming and pinned content)
Test: Netflix
Test: Widevine unit tests
bug: 36576915
Change-Id: I0b212897f2f12b20336f9ec126a5b2463384d861
diff --git a/sepolicy/hal_drm_widevine.te b/sepolicy/hal_drm_widevine.te
index 0cf32de..e2de75d 100644
--- a/sepolicy/hal_drm_widevine.te
+++ b/sepolicy/hal_drm_widevine.te
@@ -5,10 +5,6 @@
type hal_drm_widevine_exec, exec_type, file_type;
init_daemon_domain(hal_drm_widevine)
-# TODO(b/36576915): Remove this once Widevine-backed DRM HAL stops using Binder services,
-# such as mediametrics service it currently attempts to use
-typeattribute hal_drm_widevine binder_in_vendor_violators;
-
# TODO(b/36601602): Remove this once DRM HAL no longer uses Unix domain sockets to talk to tee daemon
typeattribute hal_drm_widevine socket_between_core_and_vendor_violators;