emulator: allows drm hal vendor access
BUG: 76029272
Change-Id: Ib4de8b4cd5cf5899bee23c798156006d3680ab8d
diff --git a/target/board/generic/sepolicy/file.te b/target/board/generic/sepolicy/file.te
new file mode 100644
index 0000000..3afd706
--- /dev/null
+++ b/target/board/generic/sepolicy/file.te
@@ -0,0 +1 @@
+type mediadrm_vendor_data_file, file_type, data_file_type;
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
index 521c65e..c65aaec 100644
--- a/target/board/generic/sepolicy/file_contexts
+++ b/target/board/generic/sepolicy/file_contexts
@@ -33,3 +33,7 @@
/vendor/lib(64)?/lib_renderControl_enc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv1_enc\.so u:object_r:same_process_hal_file:s0
/vendor/lib(64)?/libGLESv2_enc\.so u:object_r:same_process_hal_file:s0
+
+# data
+/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
+
diff --git a/target/board/generic/sepolicy/hal_drm_widevine.te b/target/board/generic/sepolicy/hal_drm_widevine.te
index 42d462a..d49000d 100644
--- a/target/board/generic/sepolicy/hal_drm_widevine.te
+++ b/target/board/generic/sepolicy/hal_drm_widevine.te
@@ -10,3 +10,5 @@
vndbinder_use(hal_drm_widevine);
hal_client_domain(hal_drm_widevine, hal_graphics_composer);
+allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms;
+allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;