Merge ab/7061308 into stage.temp_RQ2A.210305.007

Bug: 180401296
Merged-In: I6de871f2a9107c4a8438139af720a86e3e760756
Change-Id: I646cf656401a6e71345c4faf7f89ab8d0d1b822b

3 files changed, 7 insertions, 1 deletions

diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index 7931a55..38d8a33 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -248,6 +248,7 @@
 /dev/msm_.*                                     u:object_r:audio_device:s0
 /dev/ramdump_.*                                 u:object_r:ramdump_device:s0
 /dev/at_.*                                      u:object_r:at_device:s0
+/dev/qce                                        u:object_r:qce_device:s0
 
 # dev socket nodes
 /dev/socket/ipacm_log_file                      u:object_r:ipacm_socket:s0
diff --git a/vendor/qcom/common/hal_drm_widevine.te b/vendor/qcom/common/hal_drm_widevine.te
index 4b52daf..2f8fbdd 100644
--- a/vendor/qcom/common/hal_drm_widevine.te
+++ b/vendor/qcom/common/hal_drm_widevine.te
@@ -10,4 +10,6 @@ allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms;
 allow hal_drm_widevine hal_display_config_hwservice:hwservice_manager find;
 binder_call(hal_drm_widevine, hal_graphics_composer_default)
 
-allow hal_drm_widevine { appdomain -isolated_app }:fd use;
\ No newline at end of file
+allow hal_drm_widevine { appdomain -isolated_app }:fd use;
+
+allow hal_drm_widevine qce_device:chr_file rw_file_perms;
diff --git a/vendor/qcom/common/tee.te b/vendor/qcom/common/tee.te
index b28b1b7..d1e8cc1 100644
--- a/vendor/qcom/common/tee.te
+++ b/vendor/qcom/common/tee.te
@@ -31,3 +31,6 @@ allow tee hal_graphics_allocator_default:fd use;
 
 allow tee sysfs_wake_lock:file append;
 allow tee time_daemon:unix_stream_socket connectto;
+
+# allow tee access for secure UI to work
+allow tee graphics_device:chr_file rw_file_perms;