1type hal_widevine_system, domain, coredomain; 2hal_server_domain(hal_widevine_system, hal_drm) 3 4type hal_widevine_system_exec, exec_type, system_file_type, file_type; 5init_daemon_domain(hal_widevine_system) 6 7allow hal_widevine_system self:vsock_socket { create_socket_perms_no_ioctl }; 8 9get_prop(hal_widevine_system, drm_config_prop) 10get_prop(hal_widevine_system, trusty_widevine_vm_sys_prop) 11 12allow hal_widevine_system mediadrm_system_data_file:dir { create search add_name rw_dir_perms }; 13allow hal_widevine_system mediadrm_system_data_file:file { getattr create open read write }; 14 15