device_google_gs-common/audio/sepolicy/common/hal_audio_default.te

# allow access to folders
allow hal_audio_default audio_vendor_data_file:dir rw_dir_perms;
allow hal_audio_default audio_vendor_data_file:file create_file_perms;

r_dir_file(hal_audio_default, aoc_audio_file);
r_dir_file(hal_audio_default, mnt_vendor_file);
r_dir_file(hal_audio_default, persist_audio_file);

allow hal_audio_default persist_file:dir search;
allow hal_audio_default aoc_device:file rw_file_perms;
allow hal_audio_default aoc_device:chr_file rw_file_perms;

allow hal_audio_default amcs_device:file rw_file_perms;
allow hal_audio_default amcs_device:chr_file rw_file_perms;
allow hal_audio_default sysfs_pixelstats:file rw_file_perms;
allow hal_audio_default sysfs_extcon:dir search;
allow hal_audio_default sysfs_extcon:file r_file_perms;

#allow access to aoc and kernel boottime
allow hal_audio_default sysfs_aoc:dir { search };
allow hal_audio_default sysfs_aoc_boottime:file r_file_perms;

#allow access to DMABUF Heaps for AAudio API
allow hal_audio_default dmabuf_heap_device:chr_file r_file_perms;

set_prop(hal_audio_default, vendor_audio_prop);
set_prop(hal_audio_default, vendor_audio_prop_restricted);

hal_client_domain(hal_audio_default, hal_health);
hal_client_domain(hal_audio_default, hal_thermal);
allow hal_audio_default fwk_sensor_hwservice:hwservice_manager find;

hal_client_domain(hal_audio_default, hal_graphics_allocator);

userdebug_or_eng(`
    allow hal_audio_default self:unix_stream_socket create_stream_socket_perms;
    allow hal_audio_default audio_vendor_data_file:sock_file { create unlink };
')

wakelock_use(hal_audio_default);

vndbinder_use(hal_audio_default);
allow hal_audio_default aocx:service_manager find;
binder_call(hal_audio_default, aocxd);