Hi. First, big thanks to you, Berni, for your work here!! This ROM really revived my z5c, running smoother and with more features than the stock ROM.
The only issues I've encountered are with Widevine and DRM.
I found that if SELinux is enforcing then the DRM system will fail, whereas if I set it to permissive with `setenforce 0` it works.
It's noticeable in 'drm info', as the Clearkey CDM and Widevine CDM sections are missing, whereas if I set SELinux to permissive they are there and Widevine is at Level 3, as expected without the DRM keys in the TA partition.
If I enforce SELinux, then apps like Netflix and Disney+ will not play because they cannot use the DRM system.
I've captured dmesg with SELinux set to permissive and I do believe it can be solved easily using the correct policy settings or context for SELinux. I'm currently reading up on how that works on Android.
Code:
[ 744.092376] type=1400 audit(1609702796.529:445): avc: denied { open } for comm="[email protected]" path="/data/vendor/mediadrm/IDM1013/L3/certP............eg==.bin" dev="mmcblk0p42" ino=695008 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
[ 744.092426] type=1400 audit(1609702877.509:446): avc: denied { getattr } for comm="HwBinder:490_3" path="/data/vendor/mediadrm/IDM1013/L3/certP............eg==.bin" dev="mmcblk0p42" ino=695008 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
[ 744.093537] type=1400 audit(1609702877.509:446): avc: denied { getattr } for comm="HwBinder:490_3" path="/data/vendor/mediadrm/IDM1013/L3/certP............eg==.bin" dev="mmcblk0p42" ino=695008 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
[ 744.093589] type=1400 audit(1609702877.509:447): avc: denied { read } for comm="HwBinder:490_3" name="certP............eg==.bin" dev="mmcblk0p42" ino=695008 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
[ 744.093786] type=1400 audit(1609702877.509:447): avc: denied { read } for comm="HwBinder:490_3" name="certP............eg==.bin" dev="mmcblk0p42" ino=695008 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
[ 744.093818] type=1400 audit(1609702877.509:448): avc: denied { open } for comm="HwBinder:490_3" path="/data/vendor/mediadrm/IDM1013/L3/certP............eg==.bin" dev="mmcblk0p42" ino=695008 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
[ 744.116210] type=1400 audit(1609702877.509:448): avc: denied { open } for comm="HwBinder:490_3" path="/data/vendor/mediadrm/IDM1013/L3/certP............eg==.bin" dev="mmcblk0p42" ino=695008 scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
[ 744.116249] type=1400 audit(1609702877.529:449): avc: denied { call } for comm="Binder:688_4" scontext=u:r:mediadrmserver:s0 tcontext=u:r:hal_drm_clearkey:s0 tclass=binder permissive=1
[ 747.350026] type=1400 audit(1609702877.529:449): avc: denied { call } for comm="Binder:688_4" scontext=u:r:mediadrmserver:s0 tcontext=u:r:hal_drm_clearkey:s0 tclass=binder permissive=1
[ 747.350083] type=1400 audit(1609702880.759:450): avc: denied { call } for comm="Binder:688_3" scontext=u:r:mediadrmserver:s0 tcontext=u:r:hal_drm_clearkey:s0 tclass=binder permissive=1
[ 747.489856] msm_vidc: info: Opening video instance: 0000000000000000, 1
[ 747.502150] ueventd: firmware: loading 'venus.mdt' for '/devices/soc.0/fdce0000.qcom,venus/firmware/venus.mdt'
Regards.
Mikael.
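An added example, not part of the original post: a small Python parser that de-duplicates AVC denials like those in the capture above and groups them by source type, target type and class, so the gaps in the policy can be reviewed in one place. The function names are hypothetical, and the sample lines are abbreviated copies of the capture with the file path replaced by a placeholder; treat the output as a review list of what enforcing mode blocks, not as rules to paste into the policy unchanged.

```python
import re
from collections import defaultdict

# Sample input: abbreviated copies of denials from the capture above
# (file path replaced by a placeholder; dmesg printed some records twice).
SAMPLE = """\
[ 744.092426] type=1400 audit(1609702877.509:446): avc: denied { getattr } for comm="HwBinder:490_3" path="/data/vendor/mediadrm/PLACEHOLDER.bin" scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
[ 744.093537] type=1400 audit(1609702877.509:446): avc: denied { getattr } for comm="HwBinder:490_3" path="/data/vendor/mediadrm/PLACEHOLDER.bin" scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
[ 744.093589] type=1400 audit(1609702877.509:447): avc: denied { read } for comm="HwBinder:490_3" name="PLACEHOLDER.bin" scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
[ 744.093818] type=1400 audit(1609702877.509:448): avc: denied { open } for comm="HwBinder:490_3" path="/data/vendor/mediadrm/PLACEHOLDER.bin" scontext=u:r:hal_drm_widevine:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=file permissive=1
[ 744.116249] type=1400 audit(1609702877.529:449): avc: denied { call } for comm="Binder:688_4" scontext=u:r:mediadrmserver:s0 tcontext=u:r:hal_drm_clearkey:s0 tclass=binder permissive=1
[ 747.489856] msm_vidc: info: Opening video instance: 0000000000000000, 1
"""

# Captures the audit record id, the denied permissions, and the SELinux
# *type* field of the source and target contexts (user:role:type:level).
AVC = re.compile(
    r"audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+\{(?P<perms>[^}]*)\}"
    r".*?scontext=\w+:\w+:(?P<src>\w+):\S+\s+tcontext=\w+:\w+:(?P<tgt>\w+):\S+"
    r"\s+tclass=(?P<cls>\w+)"
)

def summarize(log):
    """Map (source type, target type, class) -> set of denied permissions."""
    seen, denied = set(), defaultdict(set)
    for line in log.splitlines():
        m = AVC.search(line)
        if not m:
            continue  # not an AVC denial (other kernel messages)
        record = (m["ts"], m["serial"], m["perms"].strip())
        if record in seen:
            continue  # same audit record echoed a second time in dmesg
        seen.add(record)
        denied[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    return dict(denied)

def as_rules(denied):
    """Render the summary in policy 'allow' syntax for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(denied.items())]

if __name__ == "__main__":
    print("\n".join(as_rules(summarize(SAMPLE))))
```

The `vendor_data_file` target in the first group is the generic label for vendor data, so the label on the file itself is worth checking before widening what the Widevine HAL may read.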