6dea3e0842
- Add audio hal into hal_health clients
- allow audio hal to find fwk_sensor_hwservice
SELinux : avc: denied { find } for interface=android.frameworks.sensorservice::ISensorManager sid=u:r:hal_audio_default:s0 pid=5907 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:fwk_sensor_hwservice:s0 tclass=hwservice_manager permissive=1
SELinux : avc: denied { find } for interface=android.hardware.health::IHealth sid=u:r:hal_audio_default:s0 pid=9875 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:hal_health_hwservice:s0 tclass=hwservice_manager permissive=1
audio.service: type=1400 audit(0.0:14): avc: denied { call } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1
audio.service: type=1400 audit(0.0:15): avc: denied { transfer } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:hal_health_default:s0 tclass=binder permissive=1
Bug: 199382564
Bug: 199801586
Test: build pass
Signed-off-by: Jasmine Cha <chajasmine@google.com>
Change-Id: I6c8d9cd73953b20905857368d740fd91e92c6928
34 lines
1.2 KiB
Text
34 lines
1.2 KiB
Text
vndbinder_use(hal_audio_default)
|
|
hwbinder_use(hal_audio_default)
|
|
|
|
allow hal_audio_default audio_vendor_data_file:dir rw_dir_perms;
|
|
allow hal_audio_default audio_vendor_data_file:file create_file_perms;
|
|
|
|
r_dir_file(hal_audio_default, aoc_audio_file);
|
|
r_dir_file(hal_audio_default, mnt_vendor_file);
|
|
r_dir_file(hal_audio_default, persist_audio_file);
|
|
|
|
allow hal_audio_default persist_file:dir search;
|
|
allow hal_audio_default aoc_device:file rw_file_perms;
|
|
allow hal_audio_default aoc_device:chr_file rw_file_perms;
|
|
|
|
allow hal_audio_default hal_audio_ext_hwservice:hwservice_manager { find add };
|
|
|
|
allow hal_audio_default amcs_device:file rw_file_perms;
|
|
allow hal_audio_default amcs_device:chr_file rw_file_perms;
|
|
allow hal_audio_default sysfs_pixelstats:file rw_file_perms;
|
|
|
|
#allow access to DMABUF Heaps for AAudio API
|
|
allow hal_audio_default dmabuf_heap_device:chr_file r_file_perms;
|
|
|
|
get_prop(hal_audio_default, vendor_audio_prop);
|
|
|
|
hal_client_domain(hal_audio_default, hal_health);
|
|
allow hal_audio_default fwk_sensor_hwservice:hwservice_manager find;
|
|
|
|
userdebug_or_eng(`
|
|
allow hal_audio_default self:unix_stream_socket create_stream_socket_perms;
|
|
allow hal_audio_default audio_vendor_data_file:sock_file { create unlink };
|
|
')
|
|
|
|
wakelock_use(hal_audio_default);
|