From e23d5c44d0f21b364e73c107131a3586fad6c754 Mon Sep 17 00:00:00 2001
From: Carter Hsu <carterhsu@google.com>
Date: Fri, 22 Dec 2023 01:35:51 +0000
Subject: [PATCH] Allow hal_audio_default to access DMA and TPU property

12-19 13:46:27.396000  1041  4222  4222 W gsenet/4949: type=1400 audit(0.0:51): avc:  denied  { read } for  name="u:object_r:vendor_edgetpu_runtime_prop:s0" dev="tmpfs" ino=399 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:vendor_edgetpu_runtime_prop:s0 tclass=file permissive=0

12-19 13:46:27.396000  1041  4222  4222 I auditd  : type=1400 audit(0.0:52): avc:  denied  { read } for  comm="gsenet/4949" name="system" dev="tmpfs" ino=1217 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0

12-19 13:46:27.396000  1041  4222  4222 W gsenet/4949: type=1400 audit(0.0:52): avc:  denied  { read } for  name="system" dev="tmpfs" ino=1217 scontext=u:r:hal_audio_default:s0 tcontext=u:object_r:dmabuf_system_heap_device:s0 tclass=chr_file permissive=0

Bug: 317032803
Test: Verified by test build
Change-Id: Ifc2b720615b2ee9b74de163c128962411bbe0d4e
Signed-off-by: Carter Hsu <carterhsu@google.com>
---
 edgetpu/sepolicy/hal_audio_default.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/edgetpu/sepolicy/hal_audio_default.te b/edgetpu/sepolicy/hal_audio_default.te
index 2646fcc..523770c 100644
--- a/edgetpu/sepolicy/hal_audio_default.te
+++ b/edgetpu/sepolicy/hal_audio_default.te
@@ -12,3 +12,7 @@ binder_call(hal_audio_default, edgetpu_app_server)
 
 # Allow audio HAL to read tflite Darwinn delegate properties
 get_prop(hal_audio_default, vendor_tflite_delegate_prop)
+get_prop(hal_audio_default, vendor_edgetpu_runtime_prop)
+
+# Allow DMA Buf access.
+allow hal_audio_default dmabuf_system_heap_device:chr_file r_file_perms;