Merge "Don't record audio if UID is idle - sepolicy"

commit: 1572cbaffa8590523cd4326ea174842af17474a6 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Fri Jan 19 19:31:42 2018 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Jan 19 19:31:42 2018 +0000
tree: bab8ffea95848b97905f0098ef1b107fc2b2b95e
parent: 43ef5f21f1fb968ff5c412cbe1a5fc7b53b7bd6f [diff]
parent: b9a1e7ba84d8afa4562e81b43b692670b8a8067e [diff]
diff --git a/private/audioserver.te b/private/audioserver.te
index 9119daa..b6deb28 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te

@@ -29,6 +29,7 @@
 ')
 
 add_service(audioserver, audioserver_service)
+allow audioserver activity_service:service_manager find;
 allow audioserver appops_service:service_manager find;
 allow audioserver batterystats_service:service_manager find;
 allow audioserver permission_service:service_manager find;
@@ -45,6 +46,17 @@
 # For A2DP bridge which is loaded directly into audioserver
 unix_socket_connect(audioserver, bluetooth, bluetooth)
 
+# Allow shell commands from ADB for CTS testing/dumping
+allow audioserver adbd:fd use;
+allow audioserver adbd:unix_stream_socket { read write };
+
+# Allow shell commands from ADB for CTS testing/dumping
+userdebug_or_eng(`
+  allow audioserver su:fd use;
+  allow audioserver su:fifo_file { read write };
+  allow audioserver su:unix_stream_socket { read write };
+')
+
 ###
 ### neverallow rules
 ###
commit	1572cbaffa8590523cd4326ea174842af17474a6	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Fri Jan 19 19:31:42 2018 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Jan 19 19:31:42 2018 +0000
tree	bab8ffea95848b97905f0098ef1b107fc2b2b95e
parent	43ef5f21f1fb968ff5c412cbe1a5fc7b53b7bd6f [diff]
parent	b9a1e7ba84d8afa4562e81b43b692670b8a8067e [diff]