# define SELinux domain | |
type hal_drm_widevine, domain; | |
hal_server_domain(hal_drm_widevine, hal_drm) | |
type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type; | |
init_daemon_domain(hal_drm_widevine) | |
# TODO(b/36601695): Remove coredata_in_vendor_violators once hal_drm_widevine | |
# no longer directly access /data outside /data/vendor. | |
typeattribute hal_drm_widevine coredata_in_vendor_violators; | |
allow hal_drm mediacodec:fd use; | |
allow hal_drm { appdomain -isolated_app }:fd use; |