From 27a4afc1a9b4577433d624d35dec4cf1d4308984 Mon Sep 17 00:00:00 2001 From: Jasmine Cha Date: Thu, 16 Sep 2021 17:57:33 +0800 Subject: [PATCH] audio: add permission to request health/sensor data - Add audio hal into hal_health clients - Allow audio hal to find fwk_sensor_hwservice SELinux : avc: denied { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_audio_default:s0 pid=5907 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=1 SELinux : avc: denied { find } for interface=android.hardware.health::IHealth sid=u:r:hal_audio_default:s0 pid=9875 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:hal_health_hwservice:s0 tclass=hwservice_manager permissive=1 audio.service: type=1400 audit(0.0:14): avc: denied { call } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1 audio.service: type=1400 audit(0.0:15): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1 Bug: 199382564 Bug: 199801586 Test: build pass Signed-off-by: Jasmine Cha Change-Id: I8e8a512cfbd6be814c98bac75ff6c0e5db028db2 --- whitechapel/vendor/google/hal_audio_default.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/whitechapel/vendor/google/hal_audio_default.te b/whitechapel/vendor/google/hal_audio_default.te index 5ee99469..1f3edbe2 100644 --- a/whitechapel/vendor/google/hal_audio_default.te +++ b/whitechapel/vendor/google/hal_audio_default.te @@ -23,6 +23,9 @@ allow hal_audio_default dmabuf_heap_device:chr_file r_file_perms; get_prop(hal_audio_default, vendor_audio_prop); +hal_client_domain(hal_audio_default, hal_health); +allow hal_audio_default fwk_sensor_hwservice:hwservice_manager find; + userdebug_or_eng(` allow hal_audio_default self:unix_stream_socket create_stream_socket_perms; allow hal_audio_default audio_vendor_data_file:sock_file { create unlink };