commit 07d21f461b81f0ee4e9cfe95cb3244f1e9794fbd
author Edwin Wong <edwinwong@google.com> Tue Jan 23 18:41:54 2018 -0800
committer Edwin Wong <edwinwong@google.com> Wed Jan 31 12:33:20 2018 -0800
tree 7e536be238c147b8a69737172aa534f7ed95e0c5
parent 9704987280e8044f2aabcbbf96fe167b1a1e4f6e

Add SELinux policy for clearkey HIDL service.

Convert clearkey plugin to HIDL to support drm HAL v1.1.
Add SELinux policy for android.hardware.drm@1.1-service.clearkey.

Test: CTS test
  ANDROID_BUILD_TOP= ./android-ccts-tradefed run cts-dev
  --module CtsMediaTestCases
  -t android.media.cts.ClearKeySystemTest#testClearKeyPlaybackCenc

Merged-In: I61e9c272c2a2788fd07d5c12921d28c785661b77

bug: 69635855
Change-Id: I2b6dad3cbefa210400c0169b497ed58d355b85ab

device.mk

diff --git a/device.mk b/device.mk
index b7f07ce..a8ecd9e 100755
--- a/device.mk
+++ b/device.mk
@@ -312,7 +312,8 @@
 PRODUCT_PACKAGES += \
   android.hardware.drm@1.0-impl \
   android.hardware.drm@1.0-service \
-  android.hardware.drm@1.0-service.widevine
+  android.hardware.drm@1.0-service.widevine \
+  android.hardware.drm@1.1-service.clearkey
 
 # NFC packages
 PRODUCT_PACKAGES += \

manifest.xml

diff --git a/manifest.xml b/manifest.xml
index 38a432b..ae10532 100644
--- a/manifest.xml
+++ b/manifest.xml
@@ -83,16 +83,18 @@
     <hal format="hidl">
         <name>android.hardware.drm</name>
         <transport>hwbinder</transport>
-        <version>1.0</version>
+        <version>1.1</version>
         <interface>
             <name>ICryptoFactory</name>
             <instance>default</instance>
             <instance>widevine</instance>
+            <instance>clearkey</instance>
         </interface>
         <interface>
             <name>IDrmFactory</name>
             <instance>default</instance>
             <instance>widevine</instance>
+            <instance>clearkey</instance>
         </interface>
     </hal>
     <hal format="hidl">

sepolicy/vendor/file_contexts

diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 3d76f88..d9290d6 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -183,8 +183,9 @@
 /vendor/bin/init\.power\.sh     u:object_r:init_power_exec:s0
 /vendor/bin/init\.radio\.sh     u:object_r:init_radio_exec:s0
 
-/vendor/bin/hw/android\.hardware\.drm@1\.0-service.widevine          u:object_r:hal_drm_widevine_exec:s0
-/vendor/bin/hw/android\.hardware\.vibrator@1\.1-service.wahoo        u:object_r:hal_vibrator_default_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine          u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@1\.1-service\.clearkey          u:object_r:hal_drm_clearkey_exec:s0
+/vendor/bin/hw/android\.hardware\.vibrator@1\.1-service\.wahoo        u:object_r:hal_vibrator_default_exec:s0
 /vendor/bin/hw/android\.hardware\.keymaster@3\.0-service-qti         u:object_r:hal_keymaster_qti_exec:s0
 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti        u:object_r:hal_gatekeeper_qti_exec:s0
 /vendor/bin/hw/android\.hardware\.gnss@1\.0-service-qti              u:object_r:hal_gnss_qti_exec:s0

sepolicy/vendor/hal_drm_clearkey.te

diff --git a/sepolicy/vendor/hal_drm_clearkey.te b/sepolicy/vendor/hal_drm_clearkey.te
new file mode 100644
index 0000000..976b9fa
--- /dev/null
+++ b/sepolicy/vendor/hal_drm_clearkey.te
@@ -0,0 +1,11 @@
+# policy for /vendor/bin/hw/android.hardware.drm@1.1-service.clearkey
+type hal_drm_clearkey, domain;
+type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_drm_clearkey)
+
+hal_server_domain(hal_drm_clearkey, hal_drm)
+
+vndbinder_use(hal_drm_clearkey);
+
+allow hal_drm_clearkey { appdomain -isolated_app }:fd use;