sepolicy/hal_drm_widevine.te - device/google/marlin - Git at Google

 # define SELinux domain
 type hal_drm_widevine, domain;
 hal_server_domain(hal_drm_widevine, hal_drm)

 type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_drm_widevine)

 # TODO(b/36601695): Remove coredata_in_vendor_violators once hal_drm_widevine
 # no longer directly access /data outside /data/vendor.
 typeattribute hal_drm_widevine coredata_in_vendor_violators;

 allow hal_drm mediacodec:fd use;
 allow hal_drm { appdomain -isolated_app }:fd use;
	# define SELinux domain
	type hal_drm_widevine, domain;
	hal_server_domain(hal_drm_widevine, hal_drm)

	type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
	init_daemon_domain(hal_drm_widevine)

	# TODO(b/36601695): Remove coredata_in_vendor_violators once hal_drm_widevine
	# no longer directly access /data outside /data/vendor.
	typeattribute hal_drm_widevine coredata_in_vendor_violators;

	allow hal_drm mediacodec:fd use;
	allow hal_drm { appdomain -isolated_app }:fd use;