From b6ccc2ea0fe80fa00c5f396718468e6bbe40c689 Mon Sep 17 00:00:00 2001
From: Jasmine Cha <chajasmine@google.com>
Date: Fri, 24 Feb 2023 11:23:32 +0800
Subject: [PATCH] audio: introduce sepolicy for hal audio ext service

Bug: 206738075
Test: build pass

Change-Id: I742566946d744c966443f30740adb8a3a4b3c00c
Signed-off-by: Jasmine Cha <chajasmine@google.com>
---
 aoc/sepolicy/hal_audio_default.te | 2 ++
 aoc/sepolicy/service.te           | 2 ++
 aoc/sepolicy/service_contexts     | 2 ++
 3 files changed, 6 insertions(+)
 create mode 100644 aoc/sepolicy/service.te
 create mode 100644 aoc/sepolicy/service_contexts

diff --git a/aoc/sepolicy/hal_audio_default.te b/aoc/sepolicy/hal_audio_default.te
index aa462bf..461875c 100644
--- a/aoc/sepolicy/hal_audio_default.te
+++ b/aoc/sepolicy/hal_audio_default.te
@@ -14,6 +14,8 @@ allow hal_audio_default aoc_device:chr_file rw_file_perms;
 
 allow hal_audio_default hal_audio_ext_hwservice:hwservice_manager { find add };
 
+add_service(hal_audio_default, hal_audio_ext_service)
+
 allow hal_audio_default amcs_device:file rw_file_perms;
 allow hal_audio_default amcs_device:chr_file rw_file_perms;
 allow hal_audio_default sysfs_pixelstats:file rw_file_perms;
diff --git a/aoc/sepolicy/service.te b/aoc/sepolicy/service.te
new file mode 100644
index 0000000..052558c
--- /dev/null
+++ b/aoc/sepolicy/service.te
@@ -0,0 +1,2 @@
+# Audio
+type hal_audio_ext_service, service_manager_type;
diff --git a/aoc/sepolicy/service_contexts b/aoc/sepolicy/service_contexts
new file mode 100644
index 0000000..1b5f301
--- /dev/null
+++ b/aoc/sepolicy/service_contexts
@@ -0,0 +1,2 @@
+# Audio
+vendor.google.whitechapel.audio.extension.IAudioExtension/default    u:object_r:hal_audio_ext_service:s0