selinux: New aocx service
Add new aocxd server domain
- Allow aocxd to access AOC resources
- Add new aocx binder vendor service

Allow audio hal to find and talk to aocx

avc error
tcontext=u:object_r:binder_device:s0 tclass=chr_file
or
tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file

avc: denied { add } for pid=1073 uid=0 name=aocx.IAocx scontext=u:r:aocxd:s0 tcontext=u:object_r:aocx:s0 tclass=service_manager
avc: denied { call } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:aocxd:s0 tclass=binder

BUG: 315853303
Change-Id: Ide16a2be9f032bef60f43d4d3daa6372ae06b057
parent
29e115e63e
commit
6b92b30e7b
8 changed files with 39 additions and 5 deletions
|
@ -1,7 +1,8 @@
|
|||
BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/aoc/sepolicy
|
||||
|
||||
PRODUCT_PACKAGES += dump_aoc \
|
||||
aocd
|
||||
aocd \
|
||||
aocxd
|
||||
|
||||
ifeq (,$(filter aosp_%,$(TARGET_PRODUCT)))
|
||||
# IAudioMetricExt HIDL
|
||||
|
@ -23,4 +24,5 @@ PRODUCT_PACKAGES_DEBUG += \
|
|||
aocdump \
|
||||
aocutil \
|
||||
aoc_audio_cfg \
|
||||
vp_util
|
||||
vp_util \
|
||||
aocx_tool
|
||||
|
|
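--- a/aoc/sepolicy/aocxd.te
+++ b/aoc/sepolicy/aocxd.te
@@ -0,0 +1,25 @@
+# aocxd server domain
+type aocxd, domain;
+type aocxd_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(aocxd)
+
+# sysfs operations
+allow aocxd sysfs_aoc:dir search;
+
+# dev operations
+allow aocxd aoc_device:chr_file rw_file_perms;
+
+# allow inotify to watch for additions/removals from /dev
+allow aocxd device:dir r_dir_perms;
+
+# set properties
+set_prop(aocxd, vendor_aoc_prop);
+
+# allow binder access
+vndbinder_use(aocxd);
+
+# allow managing wakelocks
+wakelock_use(aocxd);
+
+# add aocx service to the domain
+add_service(aocxd, aocx);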
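Review bot: `allow aocxd aoc_device:chr_file rw_file_perms;` gives aocxd read/write on every character device labelled aoc_device, and the file_contexts hunk in this commit labels the new /dev/acd-aocx_control node with that same shared type alongside the other /dev/acd-* nodes. If aocxd only needs its control node, a dedicated type for it (placeholder name `aocx_control_device`) with the allow rule narrowed to that type would keep a compromised aocxd away from the audio offload devices. The comment above `allow aocxd device:dir r_dir_perms;` could also name the node(s) the inotify watch waits for, so the directory-read grant on /dev is easier to audit. The rules answering the hal_audio_default `call` denial quoted in the commit message are not in this file and presumably live in one of the changed files not shown on this page.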
|
|
@ -27,11 +27,13 @@
|
|||
/dev/acd-audio_ap_offload_rx u:object_r:aoc_device:s0
|
||||
/dev/acd-audio_ap_offload_tx u:object_r:aoc_device:s0
|
||||
/dev/acd-mel_processor u:object_r:aoc_device:s0
|
||||
/dev/acd-aocx_control u:object_r:aoc_device:s0
|
||||
|
||||
# AoC vendor binaries
|
||||
/vendor/bin/aocd u:object_r:aocd_exec:s0
|
||||
/vendor/bin/aocdump u:object_r:aocdump_exec:s0
|
||||
/vendor/bin/dump/dump_aoc u:object_r:dump_aoc_exec:s0
|
||||
/vendor/bin/aocxd u:object_r:aocxd_exec:s0
|
||||
|
||||
# AoC audio files
|
||||
/vendor/etc/aoc(/.*)? u:object_r:aoc_audio_file:s0
|
||||
|
|
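--- a/aoc/sepolicy/vndservice.te
+++ b/aoc/sepolicy/vndservice.te
@@ -0,0 +1 @@
+type aocx, vndservice_manager_type;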
|
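--- a/aoc/sepolicy/vndservice_contexts
+++ b/aoc/sepolicy/vndservice_contexts
@@ -0,0 +1 @@
+aocx.IAocx u:object_r:aocx:s0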
|