Merge "Fix SELinux errors with aocd" into sc-dev

tracking_denials/aocd.te

@@ -1,8 +0,0 @@
-# b/171267323
-dontaudit aocd device:dir r_dir_perms;
-# b/182218891
-dontaudit aocd property_socket:sock_file { write };
-dontaudit aocd init:unix_stream_socket { connectto };
-dontaudit aocd vendor_default_prop:property_service { set };
-dontaudit aocd property_socket:sock_file { write };
-dontaudit aocd init:unix_stream_socket { connectto };

whitechapel/vendor/google/aocd.te

@@ -5,6 +5,7 @@ init_daemon_domain(aocd)
 # access persist files
 allow aocd mnt_vendor_file:dir search;
 allow aocd persist_file:dir search;
+r_dir_file(aocd, persist_aoc_file);
 
 # sysfs operations
 allow aocd sysfs_aoc:dir search;
@@ -12,3 +13,9 @@ allow aocd sysfs_aoc_firmware:file w_file_perms;
 
 # dev operations
 allow aocd aoc_device:chr_file r_file_perms;
+
+# allow inotify to watch for additions/removals from /dev
+allow aocd device:dir r_dir_perms;
+
+# set properties
+set_prop(aocd, vendor_aoc_prop)

whitechapel/vendor/google/file.te

@@ -96,7 +96,8 @@ type sysfs_aoc_firmware, sysfs_type, fs_type;
 type sysfs_aoc, sysfs_type, fs_type;
 
 # Audio
-type persist_audio_file, file_type , vendor_persist_type;
+type persist_audio_file, file_type, vendor_persist_type;
+type persist_aoc_file, file_type, vendor_persist_type;
 type audio_vendor_data_file, file_type, data_file_type;
 type aoc_audio_file, file_type, vendor_file_type;
 

whitechapel/vendor/google/file_contexts

@@ -291,6 +291,7 @@
 /dev/ttySAC16                       u:object_r:hci_attach_dev:s0
 
 # Audio
+/mnt/vendor/persist/aoc(/.*)?       u:object_r:persist_aoc_file:s0
 /mnt/vendor/persist/audio(/.*)?     u:object_r:persist_audio_file:s0
 /data/vendor/audio(/.*)?            u:object_r:audio_vendor_data_file:s0
 /vendor/etc/aoc(/.*)?               u:object_r:aoc_audio_file:s0

whitechapel/vendor/google/property.te

@@ -33,6 +33,9 @@ system_public_prop(vendor_edgetpu_service_prop)
 # Battery defender
 vendor_internal_prop(vendor_battery_defender_prop)
 
+# AoC
+vendor_internal_prop(vendor_aoc_prop)
+
 # NFC
 vendor_internal_prop(vendor_nfc_prop)
 

whitechapel/vendor/google/property_contexts

@@ -96,6 +96,9 @@ persist.vendor.nfc.                             u:object_r:vendor_nfc_prop:s0
 # Battery
 vendor.battery.defender.                        u:object_r:vendor_battery_defender_prop:s0
 
+# AoC
+vendor.aoc.firmware.version                     u:object_r:vendor_aoc_prop:s0
+
 # WiFi
 vendor.wlan.driver.version                      u:object_r:vendor_wifi_version:s0
 vendor.wlan.firmware.version                    u:object_r:vendor_wifi_version:s0