Grant device-specific hwservicemanager access
Test: Play movie in Netflix and Google Play Movies
Test: Play video in YouTube app and YouTube web page
Test: In Google Camera app, take photo (HDR+ and conventional),
record video (slow motion and normal), and check that photos
look fine and videos play back with sound.
Test: Get location fix in Google Maps
Test: Make and receive a phone call, check that sound works both ways
and that disconnecting the call frome either end works fine.
Test: Run RsHelloCompute RenderScript demo app
Test: Run fast subset of media CTS tests:
make and install CtsMediaTestCases.apk
adb shell am instrument -e size small \
-w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner'
Test: Play music using Google Play music
Bug: 34454312
Change-Id: Ibf3abeb4a17003d2e70703e0b6464087362cc267
diff --git a/sepolicy/google_camera_app.te b/sepolicy/google_camera_app.te
index 734eaed..1bc6dfb 100644
--- a/sepolicy/google_camera_app.te
+++ b/sepolicy/google_camera_app.te
@@ -14,6 +14,8 @@
allow google_camera_app nfc_service:service_manager find;
allow google_camera_app surfaceflinger_service:service_manager find;
+allow google_camera_app hidl_token_hwservice:hwservice_manager find;
+
# Execute libraries from RenderScript cache
allow google_camera_app app_data_file:file { rx_file_perms };
diff --git a/sepolicy/hwservice.te b/sepolicy/hwservice.te
new file mode 100644
index 0000000..a2c7819
--- /dev/null
+++ b/sepolicy/hwservice.te
@@ -0,0 +1,2 @@
+type vnd_atcmdfwd_hwservice, hwservice_manager_type;
+type vnd_qcril_audio_hwservice, hwservice_manager_type;
diff --git a/sepolicy/hwservice_contexts b/sepolicy/hwservice_contexts
new file mode 100644
index 0000000..08e8fa1
--- /dev/null
+++ b/sepolicy/hwservice_contexts
@@ -0,0 +1,2 @@
+vendor.qti.atcmdfwd::IAtCmdFwd u:object_r:vnd_atcmdfwd_hwservice:s0
+vendor.qti.qcril.am::IQcRilAudio u:object_r:vnd_qcril_audio_hwservice:s0
diff --git a/sepolicy/location.te b/sepolicy/location.te
index 72241ae..186a23a 100644
--- a/sepolicy/location.te
+++ b/sepolicy/location.te
@@ -13,6 +13,7 @@
hwbinder_use(location)
get_prop(location, hwservicemanager_prop)
+allow location fwk_sensor_hwservice:hwservice_manager find;
binder_call(location, system_server)
allow location hal_wifi:unix_stream_socket { read write };
diff --git a/sepolicy/platform_app.te b/sepolicy/platform_app.te
index 1c9415d..0094919 100644
--- a/sepolicy/platform_app.te
+++ b/sepolicy/platform_app.te
@@ -1,3 +1,4 @@
+allow platform_app vnd_qcril_audio_hwservice:hwservice_manager find;
binder_call(platform_app, rild);
userdebug_or_eng(`
diff --git a/sepolicy/qtelephony.te b/sepolicy/qtelephony.te
index d792afa..72ec53a 100644
--- a/sepolicy/qtelephony.te
+++ b/sepolicy/qtelephony.te
@@ -3,6 +3,9 @@
app_domain(qtelephony)
+hwbinder_use(qtelephony)
+add_hwservice(qtelephony, vnd_atcmdfwd_hwservice)
+
allow qtelephony { app_api_service }:service_manager find;
# Read and write /data/data subdirectory.
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 7f9455e..4f9eee5 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -3,6 +3,9 @@
allow rild per_mgr_service:service_manager find;
+hwbinder_use(rild)
+add_hwservice(rild, vnd_qcril_audio_hwservice)
+
vndbinder_use(rild)
binder_call(rild, per_mgr)
