From 0fa3ae72be3674645258c01caaf1d0e4dcac08f0 Mon Sep 17 00:00:00 2001
From: Edwin Wong
Date: Thu, 22 Feb 2018 17:52:45 -0800
Subject: [PATCH] Do not install move_widevine_data.sh in new devices.
Merged from http://go/wvgerrit/44312
The move script is only needed for existing devices that are running Widevine DRM and are upgrading to Pi or later Android releases. New devices release with Pi and future Android releases do not need to run this script.
To run this script, vendor must add the dependency to the corresponding device makefile and build from ANDROID_ROOT.
For example:
PRODUCT_PACKAGES += \
android.hardware.drm@1.0-impl \
android.hardware.drm@1.0-service \
android.hardware.drm@1.0-service.widevine \
move_widevine_data.sh
In addition, vendor needs to update device SELinux policy.
Test: Upgrade from O-MR1 to Pi, Netflix & Play Movies can play back offline content downloaded in O-MR1
Test: adb shell to verify script is in /system/bin
Test: adb shell to verify widevine data is moved to /data/vendor/mediadrm
Test: use audit2allow to verify no avc:denied for widevine drm service
bug: 73656300
Change-Id: I7ad0dfcc0e490f4c018b6a17df6313fade89937f
---
 libwvdrmengine/Android.mk | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)
diff --git a/libwvdrmengine/Android.mk b/libwvdrmengine/Android.mk
index d88c9c64..2b4bb7a8 100644
--- a/libwvdrmengine/Android.mk
+++ b/libwvdrmengine/Android.mk
@@ -4,11 +4,29 @@ LOCAL_PATH := $(call my-dir)
 # -----------------------------------------------------------------------------
-# Copies move script to /system/bin.
-# The mv command preserves SELinux labels(i.e. media_data_file).
-# We need to run restorecon to put the correct context after the move.
-# However, restorecon is not implemented for /vendor/bin, so we put
-# the script in /system/bin.
+# Copies move script to /system/bin.
+#
+# The move script is only needed for existing devices that
+# are running Widevine DRM and are upgrading to Pi or later
+# Android releases. New devices release with Pi and future
+# Android releases do not need to run this script.
+#
+# To run this script, vendor must add the dependency to the
+# corresponding device.mk file and build from ANDROID_ROOT.
+#
+# For example:
+# PRODUCT_PACKAGES += \
+# android.hardware.drm@1.0-impl \
+# android.hardware.drm@1.0-service \
+# android.hardware.drm@1.0-service.widevine \
+# move_widevine_data.sh
+#
+# In addition, vendor needs to update device SELinux policy.
+#
+# The mv command preserves SELinux labels(i.e. media_data_file).
+# We need to run restorecon to put the correct context after the move.
+# However, restorecon is not implemented for /vendor/bin, so we put
+# the script in /system/bin.
 #
 include $(CLEAR_VARS)
@@ -48,7 +66,6 @@ LOCAL_HEADER_LIBRARIES := \
 LOCAL_MODULE := android.hardware.drm@1.0-service.widevine
 LOCAL_INIT_RC := src_hidl/android.hardware.drm@1.0-service.widevine.rc
-LOCAL_REQUIRED_MODULES := move_widevine_data.sh
 LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/bin/hw
 LOCAL_PROPRIETARY_MODULE := true
 LOCAL_MODULE_OWNER := widevine
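Review bot: The added comment says only `# In addition, vendor needs to update device SELinux policy.` and gives no hint of what that policy has to cover, so a vendor opting in has to work it out from denials. The comment already explains that the script moves data labelled media_data_file and then runs restorecon, so it could name that scope, for example `# The policy must let the script move the old Widevine data and run restorecon on the new location; grant only that, and check that no avc:denied remains for the DRM service.` With LOCAL_REQUIRED_MODULES dropped in the second hunk, an upgrading device that omits move_widevine_data.sh from PRODUCT_PACKAGES gets no build-time signal, so the comment should also state what is lost in that case (the commit message suggests offline content downloaded before the upgrade). The module definition that starts at `include $(CLEAR_VARS)` continues outside the hunk.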