From 8889eb64969fb417e183ae59ed1d97d4b3993df5 Mon Sep 17 00:00:00 2001
From: millerliang <millerliang@google.com>
Date: Sat, 7 Jan 2023 22:30:17 +0800
Subject: [PATCH] audio:fix AAudio API access denial

This commit adds the sepolicy file for AAudio API

I auditd  : type=1400 audit(0.0:113):
avc: denied { map } for comm="binder:900_7" path="/dev/snd/pcmC0D0p"
dev="tmpfs" ino=1191 scontext=u:r:audioserver:s0
tcontext=u:object_r:audio_device:s0 tclass=chr_file permissive=1

Bug: 264484544
Test: test_steal_exclusive -c0
Test: Check no avc_deny on audioserver
Change-Id: I9efde74c74722b1b32c1d800a4cbceea8a850bfa
---
 tracking_denials/audioserver.te | 4 ----
 vendor/audioserver.te           | 2 ++
 2 files changed, 2 insertions(+), 4 deletions(-)
 delete mode 100644 tracking_denials/audioserver.te
 create mode 100644 vendor/audioserver.te

diff --git a/tracking_denials/audioserver.te b/tracking_denials/audioserver.te
deleted file mode 100644
index 264a0d97..00000000
--- a/tracking_denials/audioserver.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# b/264484544
-userdebug_or_eng(`
-  permissive audioserver;
-')
\ No newline at end of file
diff --git a/vendor/audioserver.te b/vendor/audioserver.te
new file mode 100644
index 00000000..a0466ed1
--- /dev/null
+++ b/vendor/audioserver.te
@@ -0,0 +1,2 @@
+#allow access to ALSA MMAP FDs for AAudio API
+allow audioserver audio_device:chr_file r_file_perms;