[ALPS02333452] Android p selinux change

[Detail]
Android has defined neverallow rules
to restrict direct access to system files.
We need to have a custom label for each policy.

[Solution]
Define custom label for drmserver

MTK-Commit-Id: 996de9ff486db13908f6d58b476613957d4f336d

Change-Id: I34c8d86c1baf9daa02e29323007e4136c6048b31
CR-Id: ALPS02333452
Feature: OMA DRM V1.0

3 files changed, 9 insertions, 1 deletions

diff --git a/prebuilts/api/26.0/plat_private/drmserver.te b/prebuilts/api/26.0/plat_private/drmserver.te
index 7c727e8..425240f 100755
--- a/prebuilts/api/26.0/plat_private/drmserver.te
+++ b/prebuilts/api/26.0/plat_private/drmserver.te
@@ -3,4 +3,4 @@
 # ======================
 
 # =======drmserver======
-#allow drmserver sysfs:file { read open };
+allow drmserver access_sys_file:file { read open };
diff --git a/prebuilts/api/26.0/plat_private/file.te b/prebuilts/api/26.0/plat_private/file.te
new file mode 100755
index 0000000..e1d7a89
--- /dev/null
+++ b/prebuilts/api/26.0/plat_private/file.te
@@ -0,0 +1,6 @@
+# ==============================================

+# MTK Policy Rule

+# ==============================================

+

+# For drmserver

+type access_sys_file, fs_type, sysfs_type;
\ No newline at end of file
diff --git a/prebuilts/api/26.0/plat_private/file_contexts b/prebuilts/api/26.0/plat_private/file_contexts
index 49367d7..1a13a11 100755
--- a/prebuilts/api/26.0/plat_private/file_contexts
+++ b/prebuilts/api/26.0/plat_private/file_contexts
@@ -37,3 +37,5 @@
 # it is used to mount all storages in meta/factory mode
 /system/bin/storagemanagerd u:object_r:storagemanagerd_exec:s0
 
+# For drmserver
+/sys/block/mmcblk0rpmb/size u:object_r:access_sys_file:s0
\ No newline at end of file