diff options
| author | Ricardo Cerqueira <ricardo@cyngn.com> | 2015-01-10 02:51:46 +0000 |
|---|---|---|
| committer | Ricardo Cerqueira <ricardo@cyngn.com> | 2015-01-10 03:48:17 +0000 |
| commit | b68d7728686d2da6a2310c5c8c62885d1e2d0d81 (patch) | |
| tree | cb72e68bf648aa5d7f3f29053d96c21c7031e94b | |
| parent | 64bf3281002dae808fb4e1da8967e08cd616a796 (diff) | |
| download | android_device_qcom_sepolicy-b68d7728686d2da6a2310c5c8c62885d1e2d0d81.tar.gz android_device_qcom_sepolicy-b68d7728686d2da6a2310c5c8c62885d1e2d0d81.tar.bz2 android_device_qcom_sepolicy-b68d7728686d2da6a2310c5c8c62885d1e2d0d81.zip | |
Fix access to crypto/DRM firmware
Change-Id: I099953a8adeacd90320daabfab384de74c52a5c3
| -rw-r--r-- | common/keystore.te | 4 | ||||
| -rw-r--r-- | common/mediaserver.te | 5 |
2 files changed, 9 insertions, 0 deletions
diff --git a/common/keystore.te b/common/keystore.te index 524fc3f4..9450d13d 100644 --- a/common/keystore.te +++ b/common/keystore.te @@ -1,2 +1,6 @@ # Allow keystore to operate using qseecom_device allow keystore tee_device:chr_file rw_file_perms; + +# Allow keystore to search and get keymaste.mdt +allow keystore firmware_file:dir search; +allow keystore firmware_file:file { read getattr open }; diff --git a/common/mediaserver.te b/common/mediaserver.te index 68a1bbd9..6f745cfc 100644 --- a/common/mediaserver.te +++ b/common/mediaserver.te @@ -34,3 +34,8 @@ unix_socket_connect(mediaserver, mpctl, perfd) # for thermal sock files unix_socket_connect(mediaserver, thermal, thermal-engine) + +# Allow mediaserver to search and get the widevine, playready firmwares +allow mediaserver firmware_file:dir search; +allow mediaserver firmware_file:file { read getattr open }; + |