From fbd43f03a5db3b5e1e52ec953f02f38a75c8f40b Mon Sep 17 00:00:00 2001
From: Jeff Tinker <jtinker@google.com>
Date: Fri, 3 Feb 2017 12:04:30 -0800
Subject: [PATCH] Fix selinux denial for binderized drm hal

Change-Id: I19d65a83c5c3f42296e8cd8a425bf1f64651068f
related-to-bug:32815560
---
 private/hal_drm_default.te | 3 +++
 public/mediadrmserver.te   | 1 +
 2 files changed, 4 insertions(+)

diff --git a/private/hal_drm_default.te b/private/hal_drm_default.te
index 6e4df5b8b..74875af44 100644
--- a/private/hal_drm_default.te
+++ b/private/hal_drm_default.te
@@ -3,3 +3,6 @@ hal_impl_domain(hal_drm_default, hal_drm)
 
 type hal_drm_default_exec, exec_type, file_type;
 init_daemon_domain(hal_drm_default)
+
+allow hal_drm_default mediacodec:fd use;
+allow hal_drm_default { appdomain -isolated_app }:fd use;
diff --git a/public/mediadrmserver.te b/public/mediadrmserver.te
index f93cf4545..8835585f6 100644
--- a/public/mediadrmserver.te
+++ b/public/mediadrmserver.te
@@ -9,6 +9,7 @@ binder_use(mediadrmserver)
 binder_call(mediadrmserver, binderservicedomain)
 binder_call(mediadrmserver, appdomain)
 binder_service(mediadrmserver)
+binder_call(mediadrmserver, hal_drm)
 
 add_service(mediadrmserver, mediadrmserver_service)
 allow mediadrmserver mediaserver_service:service_manager find;
-- 
GitLab