6b92b30e7b
Add new aocxd server domain
- Allow aocxd to access AOC resources
- Add new aocx binder vendor service
Allow audio hal to find and talk to aocx
avc error tcontext=u:object_r:binder_device:s0 tclass=chr_file or tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file
avc: denied { add } for pid=1073 uid=0 name=aocx.IAocx scontext=u:r:aocxd:s0 tcontext=u:object_r:aocx:s0 tclass=service_manager
avc: denied { call } for scontext=u:r:hal_audio_default:s0 tcontext=u:r:aocxd:s0 tclass=binder
BUG: 315853303
Change-Id: Ide16a2be9f032bef60f43d4d3daa6372ae06b057
26 lines
545 B
Plaintext
26 lines
545 B
Plaintext
# aocxd server domain
|
|
type aocxd, domain;
|
|
type aocxd_exec, vendor_file_type, exec_type, file_type;
|
|
init_daemon_domain(aocxd)
|
|
|
|
# sysfs operations
|
|
allow aocxd sysfs_aoc:dir search;
|
|
|
|
# dev operations
|
|
allow aocxd aoc_device:chr_file rw_file_perms;
|
|
|
|
# allow inotify to watch for additions/removals from /dev
|
|
allow aocxd device:dir r_dir_perms;
|
|
|
|
# set properties
|
|
set_prop(aocxd, vendor_aoc_prop);
|
|
|
|
# allow binder access
|
|
vndbinder_use(aocxd);
|
|
|
|
# allow managing wakelocks
|
|
wakelock_use(aocxd);
|
|
|
|
# add aocx service to the domain
|
|
add_service(aocxd, aocx);
|