From 07d21f461b81f0ee4e9cfe95cb3244f1e9794fbd Mon Sep 17 00:00:00 2001
From: Edwin Wong <edwinwong@google.com>
Date: Tue, 23 Jan 2018 18:41:54 -0800
Subject: [PATCH] Add SELinux policy for clearkey HIDL service.

Convert clearkey plugin to HIDL to support drm HAL v1.1.
Add SELinux policy for android.hardware.drm@1.1-service.clearkey.

Test: CTS test
  ANDROID_BUILD_TOP= ./android-ccts-tradefed run cts-dev
  --module CtsMediaTestCases
  -t android.media.cts.ClearKeySystemTest#testClearKeyPlaybackCenc

Merged-In: I61e9c272c2a2788fd07d5c12921d28c785661b77

bug: 69635855
Change-Id: I2b6dad3cbefa210400c0169b497ed58d355b85ab
---
 device.mk                           |  3 ++-
 manifest.xml                        |  4 +++-
 sepolicy/vendor/file_contexts       |  5 +++--
 sepolicy/vendor/hal_drm_clearkey.te | 11 +++++++++++
 4 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 sepolicy/vendor/hal_drm_clearkey.te

diff --git a/device.mk b/device.mk
index b7f07ce5..a8ecd9ef 100755
--- a/device.mk
+++ b/device.mk
@@ -312,7 +312,8 @@ PRODUCT_PACKAGES += \
 PRODUCT_PACKAGES += \
   android.hardware.drm@1.0-impl \
   android.hardware.drm@1.0-service \
-  android.hardware.drm@1.0-service.widevine
+  android.hardware.drm@1.0-service.widevine \
+  android.hardware.drm@1.1-service.clearkey
 
 # NFC packages
 PRODUCT_PACKAGES += \
diff --git a/manifest.xml b/manifest.xml
index 38a432ba..ae10532b 100644
--- a/manifest.xml
+++ b/manifest.xml
@@ -83,16 +83,18 @@
     <hal format="hidl">
         <name>android.hardware.drm</name>
         <transport>hwbinder</transport>
-        <version>1.0</version>
+        <version>1.1</version>
         <interface>
             <name>ICryptoFactory</name>
             <instance>default</instance>
             <instance>widevine</instance>
+            <instance>clearkey</instance>
         </interface>
         <interface>
             <name>IDrmFactory</name>
             <instance>default</instance>
             <instance>widevine</instance>
+            <instance>clearkey</instance>
         </interface>
     </hal>
     <hal format="hidl">
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 3d76f88d..d9290d61 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -183,8 +183,9 @@
 /vendor/bin/init\.power\.sh     u:object_r:init_power_exec:s0
 /vendor/bin/init\.radio\.sh     u:object_r:init_radio_exec:s0
 
-/vendor/bin/hw/android\.hardware\.drm@1\.0-service.widevine          u:object_r:hal_drm_widevine_exec:s0
-/vendor/bin/hw/android\.hardware\.vibrator@1\.1-service.wahoo        u:object_r:hal_vibrator_default_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine          u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@1\.1-service\.clearkey          u:object_r:hal_drm_clearkey_exec:s0
+/vendor/bin/hw/android\.hardware\.vibrator@1\.1-service\.wahoo        u:object_r:hal_vibrator_default_exec:s0
 /vendor/bin/hw/android\.hardware\.keymaster@3\.0-service-qti         u:object_r:hal_keymaster_qti_exec:s0
 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti        u:object_r:hal_gatekeeper_qti_exec:s0
 /vendor/bin/hw/android\.hardware\.gnss@1\.0-service-qti              u:object_r:hal_gnss_qti_exec:s0
diff --git a/sepolicy/vendor/hal_drm_clearkey.te b/sepolicy/vendor/hal_drm_clearkey.te
new file mode 100644
index 00000000..976b9fab
--- /dev/null
+++ b/sepolicy/vendor/hal_drm_clearkey.te
@@ -0,0 +1,11 @@
+# policy for /vendor/bin/hw/android.hardware.drm@1.1-service.clearkey
+type hal_drm_clearkey, domain;
+type hal_drm_clearkey_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_drm_clearkey)
+
+hal_server_domain(hal_drm_clearkey, hal_drm)
+
+vndbinder_use(hal_drm_clearkey);
+
+allow hal_drm_clearkey { appdomain -isolated_app }:fd use;