From f785f497567ea9d55ade92cbf82a7e80eeb5cb82 Mon Sep 17 00:00:00 2001
From: Riley Spahn <rileyspahn@google.com>
Date: Tue, 1 Jul 2014 15:32:31 -0700
Subject: Add SELinux MAC to DrmManagerService.

Add SELinux checks on all interfaces exposed by the
DrmManagerService.

Change-Id: Ib170d3229d88781b76e5fc1c557c8fed233df5d1
---
 drm/libdrmframework/include/DrmManagerService.h | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'drm/libdrmframework')

diff --git a/drm/libdrmframework/include/DrmManagerService.h b/drm/libdrmframework/include/DrmManagerService.h
index 8bc59b4..45cee2e 100644
--- a/drm/libdrmframework/include/DrmManagerService.h
+++ b/drm/libdrmframework/include/DrmManagerService.h
@@ -42,9 +42,28 @@ public:
     static void instantiate();
 
 private:
+    enum drm_perm_t {
+        CONSUME_RIGHTS          = 0,
+        SET_PLAYBACK_STATUS     = 1,
+        OPEN_DECRYPT_SESSION    = 2,
+        CLOSE_DECRYPT_SESSION   = 3,
+        INITIALIZE_DECRYPT_UNIT = 4,
+        DECRYPT                 = 5,
+        FINALIZE_DECRYPT_UNIT   = 6,
+        PREAD                   = 7,
+    };
+
+    static const char *const drm_perm_labels[];
+
     DrmManagerService();
     virtual ~DrmManagerService();
 
+    static const char *get_perm_label(drm_perm_t perm);
+
+    static bool selinuxIsProtectedCallAllowed(pid_t spid, drm_perm_t perm);
+
+    static bool isProtectedCallAllowed(drm_perm_t perm);
+
 public:
     int addUniqueId(bool isNative);
 
-- 
cgit v1.1