From fe72bc0c1d76c2944b2daaad6ac0e9f5d2593ca8 Mon Sep 17 00:00:00 2001 From: Bruce Po Date: Fri, 19 Apr 2024 19:53:22 +0000 Subject: [PATCH] selinux allow aocxd to access AoC buffers Allow aocxd service to access new device nodes /dev/acd-aocx_inject* /dev/acd-aocx_tapout* type=1400 audit(0.0:88): avc: denied { getattr } for path="/dev/acd-aocx_tapout0" dev="tmpfs" ino=1936 scontext=u:r:aocxd:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 type=1400 audit(0.0:89): avc: denied { getattr } for path="/dev/acd-aocx_inject0" dev="tmpfs" ino=1937 scontext=u:r:aocxd:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 BUG: 335884035 Change-Id: Ie4cd637e91f1d9db081bb794a9fb60e3bafe0218
---
 aoc/sepolicy/file_contexts | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/aoc/sepolicy/file_contexts b/aoc/sepolicy/file_contexts
index c43bc75..ed8a6d6 100644
--- a/aoc/sepolicy/file_contexts
+++ b/aoc/sepolicy/file_contexts
@@ -28,6 +28,8 @@
 /dev/acd-audio_ap_offload_tx u:object_r:aoc_device:s0
 /dev/acd-mel_processor u:object_r:aoc_device:s0
 /dev/acd-aocx_control u:object_r:aoc_device:s0
+/dev/acd-aocx_inject[0-9]* u:object_r:aoc_device:s0
+/dev/acd-aocx_tapout[0-9]* u:object_r:aoc_device:s0
 /dev/acd-mc_headpos u:object_r:aoc_device:s0
 # AoC vendor binaries
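Review bot: The two added entries label `/dev/acd-aocx_inject[0-9]*` and `/dev/acd-aocx_tapout[0-9]*` with the shared `aoc_device` type, so every domain already allowed `aoc_device:chr_file` gains the new inject and tap-out nodes, not only aocxd as the commit message states. The allow rules are not part of this patch, so the exact set of domains cannot be seen here, and the quoted denials show only `getattr` from `aocxd`. If these nodes expose AoC buffer contents, a dedicated type with an allow rule for aocxd alone would keep the grant to what the denials require, e.g. `/dev/acd-aocx_tapout[0-9]* u:object_r:<dedicated_aocx_type>:s0` (placeholder type name). Separately, `[0-9]*` also matches the bare names with no index; `[0-9]+` would limit the label to numbered nodes like those in the audit log.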