Google Git
Sign in
android / device / moto / shamu / 0842633^! / .
commit08426334beb1fd16049cf501946bf6791292eb44[log] [tgz]
authorAndy Hung <hunga@google.com>Mon Dec 07 14:33:02 2015 -0800
committerAndy Hung <hunga@google.com>Mon Dec 07 14:33:02 2015 -0800
tree94a41bb3b01461aa6e144a7ad11f514efdfeac19
parentb9a9db0f0c1ffb563735deb5797f6d64787e0580 [diff]
Add audioserver to Shamu sepolicy

audioserver has the same rules as mediaserver so there is
no loss of rights or permissions.

TBD: pare down permissions

Bug: 24511453
Change-Id: I479ddf0739324bd6cfabb3fa7fc1f6d5ab36537f

diff --git a/sepolicy/audioserver.te b/sepolicy/audioserver.te
new file mode 100644
index 0000000..2b13b05
--- /dev/null
+++ b/sepolicy/audioserver.te

@@ -0,0 +1,16 @@
+# Grant access to Qualcomm MSM Interface (QMI) audio sockets to audioserver
+qmux_socket(audioserver)
+
+# Permit audioserver to create sockets with no specific SELinux class.
+# TODO: Investigate the specific type of socket.
+allow audioserver self:socket create_socket_perms;
+
+allow audioserver mpdecision_socket:dir r_dir_perms;
+unix_socket_send(audioserver, mpdecision, mpdecision)
+
+binder_call(audioserver, rild)
+
+unix_socket_send(audioserver, camera, camera)
+unix_socket_connect(audioserver, adspd, adspd)
+allow audioserver audio_cutback_data_file:dir search;
+allow audioserver audio_cutback_data_file:sock_file write;

diff --git a/sepolicy/camera.te b/sepolicy/camera.te
index afeb1ed..452486f 100644
--- a/sepolicy/camera.te
+++ b/sepolicy/camera.te

@@ -8,7 +8,7 @@
 # Interact with other media devices
 allow camera camera_device:dir search;
 allow camera { gpu_device video_device camera_device }:chr_file rw_file_perms;
-allow camera { surfaceflinger mediaserver }:fd use;
+allow camera { audioserver surfaceflinger mediaserver }:fd use;
 
 # Connect to sensor socket (/dev/sensor/sensor_ctl_socket)
 unix_socket_connect(camera, sensors, sensors)

diff --git a/sepolicy/mpdecision.te b/sepolicy/mpdecision.te
index 83f04d6..e06b459 100644
--- a/sepolicy/mpdecision.te
+++ b/sepolicy/mpdecision.te

@@ -32,5 +32,6 @@
 allow mpdecision sysfs:file write;
 r_dir_file(mpdecision, system_server)
 r_dir_file(mpdecision, mediaserver)
+r_dir_file(mpdecision, audioserver)
 
 allow mpdecision self:capability sys_nice;

diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 00f32f8..216271e 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te

@@ -1,3 +1,4 @@
+binder_call(rild, audioserver)
 binder_call(rild, mediaserver)
 binder_use(rild)
 binder_service(rild)
@@ -27,4 +28,5 @@
 allow rild fsg_file:dir search;
 allow rild fsg_file:file r_file_perms;
 
+allow rild audioserver_service:service_manager find;
 allow rild mediaserver_service:service_manager find;