commit 84d6d817ba27e55d35296f0429be228c24463324
author Edwin Wong <edwinwong@google.com> Fri Oct 18 13:29:22 2019 -0700
committer Edwin Wong <edwinwong@google.com> Tue Oct 22 20:25:57 2019 -0700
tree 6a931ccf1e445fad0b50425d6060dcd2ab7734ed
parent f90e453f3685d44e06ef7b72d475d2ce9bbb9e1e

Add Widevine L3 drm service to cuttlefish

Test: run gts testL3LongLicenseShortPlayback
  Test in master

bug: 141621537
Change-Id: I8fd07b6f911e359d63d19f3f0cca407a213a15cd

shared/config/CleanSpec.mk

diff --git a/shared/config/CleanSpec.mk b/shared/config/CleanSpec.mk
index 6551673..8ead76d 100644
--- a/shared/config/CleanSpec.mk
+++ b/shared/config/CleanSpec.mk
@@ -45,3 +45,4 @@
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/lib/hw/android.hardware.gnss@1.0-impl.so)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/bin/hw/android.hardware.gnss@1.0-service)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/bin/hw/android.hardware.drm@1.2-service.clearkey)
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/vendor/bin/hw/android.hardware.drm@1.2-service.widevine)

shared/device.mk

diff --git a/shared/device.mk b/shared/device.mk
index e626c86..9aed79c 100644
--- a/shared/device.mk
+++ b/shared/device.mk
@@ -220,7 +220,8 @@
 PRODUCT_PACKAGES += \
     android.hardware.drm@1.0-impl \
     android.hardware.drm@1.0-service \
-    android.hardware.drm@1.2-service.clearkey
+    android.hardware.drm@1.2-service.clearkey \
+    android.hardware.drm@1.2-service.widevine
 
 #
 # Dumpstate HAL

shared/sepolicy/vendor/file.te

diff --git a/shared/sepolicy/vendor/file.te b/shared/sepolicy/vendor/file.te
index a90bdd0..a4d5d83 100644
--- a/shared/sepolicy/vendor/file.te
+++ b/shared/sepolicy/vendor/file.te
@@ -4,3 +4,4 @@
 type tombstone_snapshot_file, file_type;
 type var_run_system_file, file_type;
 type sysfs_gpu, fs_type, sysfs_type;
+type mediadrm_vendor_data_file, file_type, data_file_type;

shared/sepolicy/vendor/file_contexts

diff --git a/shared/sepolicy/vendor/file_contexts b/shared/sepolicy/vendor/file_contexts
index 69c5ad8..e11a959 100644
--- a/shared/sepolicy/vendor/file_contexts
+++ b/shared/sepolicy/vendor/file_contexts
@@ -37,6 +37,10 @@
 /ts_snap\.txt  u:object_r:tombstone_snapshot_file:s0
 
 #############################
+# data files
+/data/vendor/mediadrm(/.*)?  u:object_r:mediadrm_vendor_data_file:s0
+
+#############################
 # var files
 /var/run/system(/.*)?  u:object_r:var_run_system_file:s0
 
@@ -56,6 +60,8 @@
 /vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service\.sim  u:object_r:hal_bluetooth_sim_exec:s0
 /vendor/bin/hw/android\.hardware\.drm@1\.2-service\.clearkey  u:object_r:hal_drm_clearkey_exec:s0
 /vendor/bin/hw/android\.hardware\.drm@1\.2-service-lazy\.clearkey  u:object_r:hal_drm_clearkey_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@1\.2-service\.widevine  u:object_r:hal_drm_widevine_exec:s0
+/vendor/bin/hw/android\.hardware\.drm@1\.2-service-lazy\.widevine  u:object_r:hal_drm_widevine_exec:s0
 /vendor/bin/hw/android\.hardware\.dumpstate@1\.0-service\.cuttlefish  u:object_r:hal_dumpstate_impl_exec:s0
 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.software  u:object_r:hal_gatekeeper_default_exec:s0
 /vendor/bin/hw/android\.hardware\.health@2\.0-service\.cuttlefish  u:object_r:hal_health_default_exec:s0

shared/sepolicy/vendor/hal_drm_widevine.te

diff --git a/shared/sepolicy/vendor/hal_drm_widevine.te b/shared/sepolicy/vendor/hal_drm_widevine.te
new file mode 100644
index 0000000..268388b
--- /dev/null
+++ b/shared/sepolicy/vendor/hal_drm_widevine.te
@@ -0,0 +1,14 @@
+type hal_drm_widevine, domain;
+type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_drm_widevine)
+
+hal_server_domain(hal_drm_widevine, hal_drm)
+
+vndbinder_use(hal_drm_widevine);
+
+allow hal_drm_widevine mediacodec:fd use;
+allow hal_drm_widevine hal_allocator_server:fd use;
+
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;