xref: /aosp_15_r20/system/sepolicy/private/hal_audio.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290)
# SELinux policy for the audio HAL. Rules written against the hal_audio
# attribute apply to every domain that carries it; rules written against
# hal_audio_server or hal_audio_client apply to that side only. The attributes
# are assigned to concrete domains outside this file.

# HwBinder IPC from client to server, and callbacks
# (one binder_call per direction: the second lets the server call back into
# its clients).
binder_call(hal_audio_client, hal_audio_server)
binder_call(hal_audio_server, hal_audio_client)

# Tie the hal_audio attribute to its hwservice and service types.
# NOTE(review): both macros are defined outside this file; presumably they let
# server domains register the service and client domains look it up -- confirm
# against the macro definitions.
hal_attribute_hwservice(hal_audio, hal_audio_hwservice)
hal_attribute_service(hal_audio, hal_audio_service)

# Read-side permission set (r_file_perms) on the character device labeled
# ion_device; no write permission on it is granted in this file.
allow hal_audio ion_device:chr_file r_file_perms;

# Server domains may call servicemanager over binder.
binder_call(hal_audio_server, servicemanager)

# Read access to procfs entries labeled proc and proc_asound.
# NOTE(review): proc looks like the generic procfs label, which is wider than
# proc_asound, and the grant goes to the hal_audio attribute rather than to
# the server side only -- confirm what still needs the generic label.
r_dir_file(hal_audio, proc)
r_dir_file(hal_audio, proc_asound)
# Audio device nodes: directory read plus read/write on the character devices,
# server side only. The neverallow on audio_device:chr_file further down keeps
# other HAL server domains away from the same nodes.
allow hal_audio_server audio_device:dir r_dir_perms;
allow hal_audio_server audio_device:chr_file rw_file_perms;

# Needed to provide debug dump output via dumpsys' pipes.
# Only "use" on the passed descriptor and "write" on the pipe are granted; no
# read permission on these pipes is given here.
allow hal_audio shell:fd use;
allow hal_audio shell:fifo_file write;
allow hal_audio dumpstate:fd use;
allow hal_audio dumpstate:fifo_file write;

# Needed to allow sound trigger hal to access shared memory from apps.
# "fd use" covers descriptors handed over by any appdomain process; it grants
# no permission on the object behind the descriptor.
allow hal_audio_server appdomain:fd use;
# Allow sound trigger hal to access shared memory from system server.
# getattr/map/read only: no write permission on system_server_tmpfs files.
allow hal_audio_server system_server_tmpfs:file { getattr map read };

# allow self to set scheduler (and allows Binder RT PI)
# The sys_nice capability is granted on self and to server domains only.
allow hal_audio_server self:global_capability_class_set sys_nice;

# allow hal audio to use vndbinder
vndbinder_use(hal_audio)

###
### neverallow rules
###
# A neverallow line grants nothing; it states an access the policy must never
# contain.

# Should never execute any executable without a domain transition
# (execute_no_trans on any file_type or fs_type file is ruled out for the
# server domains).
neverallow hal_audio_server { file_type fs_type }:file execute_no_trans;

# Among HAL server domains, only the audio HAL may directly access the audio
# hardware; hal_omx_server is exempted as well. The rule is scoped to
# halserverdomain, so it does not constrain domains outside that attribute.
neverallow { halserverdomain -hal_audio_server -hal_omx_server } audio_device:chr_file *;

# Property access for the three property types below.
# NOTE(review): these are grants, not neverallow rules, although they sit
# under the neverallow banner; get_prop is defined outside this file --
# presumably read-only access, confirm.
get_prop(hal_audio, audio_config_prop)
get_prop(hal_audio, bluetooth_a2dp_offload_prop)
get_prop(hal_audio, bluetooth_audio_hal_prop)