From aeb6458cefdad7e600d05b440e546362446262f7 Mon Sep 17 00:00:00 2001
From: Jeff Tinker <jtinker@google.com>
Date: Mon, 24 Jul 2017 13:23:11 -0700
Subject: [PATCH] Fix selinux denial in hal_drm_widevine

Test: manual verification of playback using
ExoPlayer on GTS HDCP and secure video path
playback. Also tested Play Movies and
verified it is using L1.

bug:63992308
Change-Id: I93ac76243ccb2872a1107f1995b8235ec5a348dd
---
 sepolicy/vendor/hal_drm_widevine.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sepolicy/vendor/hal_drm_widevine.te b/sepolicy/vendor/hal_drm_widevine.te
index e83649b9..faf47b31 100644
--- a/sepolicy/vendor/hal_drm_widevine.te
+++ b/sepolicy/vendor/hal_drm_widevine.te
@@ -10,3 +10,8 @@ vndbinder_use(hal_drm_widevine);
 
 allow hal_drm mediacodec:fd use;
 allow hal_drm { appdomain -isolated_app }:fd use;
+
+# The Qualcomm DRM-HAL implementation uses a vendor-binder service provided
+# by the HWC HAL.
+allow hal_drm_widevine qdisplay_service:service_manager { find };
+binder_call(hal_drm_widevine, hal_graphics_composer)