Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f9715880 authored by Jackeagle's avatar Jackeagle
Browse files

sepolicy: Fix Widevine DRM support for Android 13 



Android 13 transitions DRM HALs from HIDL to AIDL. This commit fixes Widevine support by addressing missing sepolicies that caused service failures.

1. Add `service_contexts` entry. Without this, the service manager defaults to `default_android_service`, causing SELinux denials for apps trying to find the AIDL interface:

   avc: denied { find } for name=android.hardware.drm.IDrmFactory/widevine scontext=u:r:untrusted_app_30:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager

2. Update `file_contexts`. The binary was labeled as generic `vendor_file`, preventing init from transitioning it to the `hal_drm_widevine` domain:

   init: File /vendor/bin/hw/android.hardware.drm-service.widevine (labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition

Test:
- Boot device successfully
- Verify no SELinux denials for widevine in logcat
- Verify DRM L1/L3 status in DRM Info app

Change-Id: Iab7f36e80b8bdaaf525a3397e2f8c158e0cc4434
Signed-off-by: default avatarJackeagle <jackeagle102@gmail.com>
parent d9870726

sepolicy/vendor/file_contexts

+2 −0
Original line number Diff line number Diff line
@@ -15,3 +15,5 @@ 


# Custom wcnss_service

/(vendor|system/vendor)/bin/wcnss_service_prebuilt       u:object_r:wcnss_service_exec:s0



/vendor/bin/hw/android.hardware.drm-service.widevine    u:object_r:hal_drm_widevine_exec:s0

sepolicy/vendor/service_contexts

0 → 100644
+1 −0
Original line number Diff line number Diff line 
android.hardware.drm.IDrmFactory/widevine   u:object_r:hal_drm_service:s0