commit 7ec79ed7da373f5785f0721a4e10a0756df55434
author Edwin Wong <edwinwong@google.com> Tue Mar 28 10:58:00 2017 -0700
committer Edwin Wong <edwinwong@google.com> Tue Mar 28 14:25:30 2017 -0700
tree 62425012c5137302db7a205c3d285d65bf974cdf
parent db16dc0d388e395053719150165151b6cea53405

Revoke access to /dev/binder from Widevine DRM HAL.

Test: Play Movies & TV (streaming and pinned content)
Test: Netflix
Test: Widevine unit tests

bug: 36576915
Change-Id: I0b212897f2f12b20336f9ec126a5b2463384d861

sepolicy/hal_drm_widevine.te

diff --git a/sepolicy/hal_drm_widevine.te b/sepolicy/hal_drm_widevine.te
index 0cf32de..e2de75d 100644
--- a/sepolicy/hal_drm_widevine.te
+++ b/sepolicy/hal_drm_widevine.te
@@ -5,10 +5,6 @@
 type hal_drm_widevine_exec, exec_type, file_type;
 init_daemon_domain(hal_drm_widevine)
 
-# TODO(b/36576915): Remove this once Widevine-backed DRM HAL stops using Binder services,
-# such as mediametrics service it currently attempts to use
-typeattribute hal_drm_widevine binder_in_vendor_violators;
-
 # TODO(b/36601602): Remove this once DRM HAL no longer uses Unix domain sockets to talk to tee daemon
 typeattribute hal_drm_widevine socket_between_core_and_vendor_violators;