From 90da258962a770b54133974e65c2100e309cd9ce Mon Sep 17 00:00:00 2001 From: bohu Date: Fri, 25 Aug 2017 11:15:03 -0700 Subject: [PATCH] emulator: fix widevine drm vndbinder denial [ 86.252399] type=1400 audit(1503684692.153:25): avc: denied { read write } for pid=4160 comm="android.hardwar" name="vndbinder" dev="tmpfs" ino=5163 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=0 BUG: 64726466 Test: build sdk_gphone_x86-user target, launch it and the above denial should be fixed. Change-Id: Ied1268878236c42fbb0751a0f33014b332d78c32 --- target/board/generic/sepolicy/hal_drm_widevine.te | 1 + 1 file changed, 1 insertion(+) diff --git a/target/board/generic/sepolicy/hal_drm_widevine.te b/target/board/generic/sepolicy/hal_drm_widevine.te index c1a63ca742..42d462a753 100644 --- a/target/board/generic/sepolicy/hal_drm_widevine.te +++ b/target/board/generic/sepolicy/hal_drm_widevine.te @@ -8,4 +8,5 @@ init_daemon_domain(hal_drm_widevine) allow hal_drm mediacodec:fd use; allow hal_drm { appdomain -isolated_app }:fd use; +vndbinder_use(hal_drm_widevine); hal_client_domain(hal_drm_widevine, hal_graphics_composer);