platform_system_sepolicy/vendor/hal_drm_default.te

type hal_drm_default, domain;
hal_server_domain(hal_drm_default, hal_drm)

type hal_drm_default_exec, exec_type, file_type;
init_daemon_domain(hal_drm_default)

allow hal_drm_default mediacodec:fd use;
allow hal_drm_default { appdomain -isolated_app }:fd use;

# TODO(b/36601602): Remove this once DRM HAL no longer uses Unix domain sockets to talk to tee daemon
typeattribute hal_drm_default socket_between_core_and_vendor_violators;