From f01cb384d8031e6f202415567b83cf1ed419cdca Mon Sep 17 00:00:00 2001 From: millerliang Date: Tue, 30 Mar 2021 09:10:37 +0000 Subject: [PATCH] Fix MMAP audio avc denied 03-30 16:45:16.840 738 738 I auditd : type=1400 audit(0.0:76): avc: denied { read } for comm="HwBinder:738_2" name="u:object_r:audio_prop:s0" dev="tmpfs" ino=87 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:audio_prop:s0 tclass=file permissive=0 03-30 16:45:16.980 644 644 I auditd : type=1400 audit(0.0:78): avc: denied { map } for comm="audioserver" path="/dev/snd/pcmC0D0p" dev="tmpfs" ino=977 scontext=u:r:audioserver:s0 tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=0 Bug: 165737390 Test: verified with the forrest ROM and error log gone Change-Id: I1c8721a051844d3410cffa23411a434c832b416e --- whitechapel/vendor/google/audioserver.te | 2 ++ whitechapel/vendor/google/property_contexts | 1 + 2 files changed, 3 insertions(+) create mode 100644 whitechapel/vendor/google/audioserver.te diff --git a/whitechapel/vendor/google/audioserver.te b/whitechapel/vendor/google/audioserver.te new file mode 100644 index 00000000..69d7c1a4 --- /dev/null +++ b/whitechapel/vendor/google/audioserver.te @@ -0,0 +1,2 @@ +# allow access to ALSA MMAP FDs for AAudio API +allow audioserver audio_device:chr_file r_file_perms; diff --git a/whitechapel/vendor/google/property_contexts b/whitechapel/vendor/google/property_contexts index d921e065..cfe71e25 100644 --- a/whitechapel/vendor/google/property_contexts +++ b/whitechapel/vendor/google/property_contexts @@ -66,6 +66,7 @@ persist.vendor.sys. u:object_r:vendor_persist_sys_default_prop:s0 # for audio vendor.audio_hal.period_multiplier u:object_r:vendor_audio_prop:s0 vendor.audiodump.enable u:object_r:vendor_audio_prop:s0 +persist.vendor.audio. u:object_r:vendor_audio_prop:s0 # for display ro.vendor.hwc.drm.device u:object_r:vendor_display_prop:s0