From f971588078271e7b615fd1f122fde93e0a43e6b8 Mon Sep 17 00:00:00 2001 From: Jackeagle Date: Fri, 16 Jan 2026 02:02:15 -0500 Subject: [PATCH 1/2] sepolicy: Fix Widevine DRM support for Android 13 Android 13 transitions DRM HALs from HIDL to AIDL. This commit fixes Widevine support by addressing missing sepolicies that caused service failures. 1. Add `service_contexts` entry. Without this, the service manager defaults to `default_android_service`, causing SELinux denials for apps trying to find the AIDL interface: avc: denied { find } for name=android.hardware.drm.IDrmFactory/widevine scontext=u:r:untrusted_app_30:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager 2. Update `file_contexts`. The binary was labeled as generic `vendor_file`, preventing init from transitioning it to the `hal_drm_widevine` domain: init: File /vendor/bin/hw/android.hardware.drm-service.widevine (labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition Test: - Boot device successfully - Verify no SELinux denials for widevine in logcat - Verify DRM L1/L3 status in DRM Info app Change-Id: Iab7f36e80b8bdaaf525a3397e2f8c158e0cc4434 Signed-off-by: Jackeagle --- sepolicy/vendor/file_contexts | 2 ++ sepolicy/vendor/service_contexts | 1 + 2 files changed, 3 insertions(+) create mode 100644 sepolicy/vendor/service_contexts diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index 7c8ec62..f67ef82 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -15,3 +15,5 @@ # Custom wcnss_service /(vendor|system/vendor)/bin/wcnss_service_prebuilt u:object_r:wcnss_service_exec:s0 + +/vendor/bin/hw/android.hardware.drm-service.widevine u:object_r:hal_drm_widevine_exec:s0 diff --git a/sepolicy/vendor/service_contexts b/sepolicy/vendor/service_contexts new file mode 100644 index 0000000..17b715c --- /dev/null +++ b/sepolicy/vendor/service_contexts @@ -0,0 +1 @@ +android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0 -- GitLab From a6a7bf3de5224e57febb94af2b336138c7acf2d2 Mon Sep 17 00:00:00 2001 From: Jackeagle <116548-Jackeagle@users.noreply.gitlab.e.foundation> Date: Fri, 16 Jan 2026 18:33:28 +0530 Subject: [PATCH 2/2] FP3: Add missing Widevine DRM dependencies The widevine service binary requires the legacy DRM HIDL libraries to function, but they are missing from the vendor image. This fixes the following linker error on boot: linker : CANNOT LINK EXECUTABLE "/vendor/bin/hw/android.hardware.drm@1.3-service.widevine": library "android.hardware.drm@1.0.so" not found: needed by main executable Change-Id: I0ed424e36665e0baa53ee7439f12efec8e3dd806 --- device.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/device.mk b/device.mk index 59a1be7..88559ea 100644 --- a/device.mk +++ b/device.mk @@ -263,7 +263,8 @@ PRODUCT_VENDOR_PROPERTIES += ro.hardware.egl=adreno # DRM PRODUCT_PACKAGES += \ android.hardware.drm-V1-ndk.vendor \ - android.hardware.drm-service.clearkey + android.hardware.drm-service.clearkey \ + android.hardware.drm@1.3.vendor PRODUCT_VENDOR_PROPERTIES += \ drm.service.enabled=true -- GitLab