Add SELinux MAC to DrmManagerService.

Add SELinux checks on all interfaces exposed by the
DrmManagerService.

Change-Id: Ib170d3229d88781b76e5fc1c557c8fed233df5d1

1 files changed, 19 insertions, 0 deletions

diff --git a/drm/libdrmframework/include/DrmManagerService.h b/drm/libdrmframework/include/DrmManagerService.h
index 8bc59b4..45cee2e 100644
--- a/drm/libdrmframework/include/DrmManagerService.h
+++ b/drm/libdrmframework/include/DrmManagerService.h
@@ -42,9 +42,28 @@ public:
     static void instantiate();
 
 private:
+    enum drm_perm_t {
+        CONSUME_RIGHTS          = 0,
+        SET_PLAYBACK_STATUS     = 1,
+        OPEN_DECRYPT_SESSION    = 2,
+        CLOSE_DECRYPT_SESSION   = 3,
+        INITIALIZE_DECRYPT_UNIT = 4,
+        DECRYPT                 = 5,
+        FINALIZE_DECRYPT_UNIT   = 6,
+        PREAD                   = 7,
+    };
+
+    static const char *const drm_perm_labels[];
+
     DrmManagerService();
     virtual ~DrmManagerService();
 
+    static const char *get_perm_label(drm_perm_t perm);
+
+    static bool selinuxIsProtectedCallAllowed(pid_t spid, drm_perm_t perm);
+
+    static bool isProtectedCallAllowed(drm_perm_t perm);
+
 public:
     int addUniqueId(bool isNative);