Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 3c46d2ff9c30c16d03f02b463d381494e3047e13^! / . / private
commit3c46d2ff9c30c16d03f02b463d381494e3047e13[log] [tgz]
authorPhilip Cuadra <philipcuadra@google.com>Thu Mar 23 10:03:49 2017 -0700
committerPhilip Cuadra <philipcuadra@google.com>Wed Apr 26 11:48:00 2017 -0700
tree92dea31176b549b78b735f5ada107417ab3fb5e6
parenta9d7b895da2a2b0ed3dd3c63e958af219a334a3a [diff]
Allow Bluetooth sys_nice and system_server setsched for Bluetooth HAL

Bluetooth needs the capability to set audio-related threads to be RT
scheduled.  Grant it sys_nice.

system_server needs to set priority for the Bluetooth HAL.  Allow it.

Bug 37518404
Test:  Play Bluetooth audio, confirm RT scheduling with systrace
Merged-In: Iaf7b85a11a51883744d72a50addfd320b6fbbc2f
Change-Id: Iaf7b85a11a51883744d72a50addfd320b6fbbc2f

(cherry picked from commit 6eee6eb2c06ea812d43d8d617d10f3ef009a1a57)

diff --git a/private/bluetooth.te b/private/bluetooth.te
index da05cc2..1c0e14f 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te

@@ -57,6 +57,9 @@
 # /data/data/com.android.shell/files/bugreports/bugreport-*.
 allow bluetooth shell_data_file:file read;
 
+# Bluetooth audio needs RT scheduling to meet deadlines, allow sys_nice
+allow bluetooth self:capability sys_nice;
+
 hal_client_domain(bluetooth, hal_bluetooth)
 hal_client_domain(bluetooth, hal_telephony)
 
@@ -69,6 +72,6 @@
 ###
 
 # Superuser capabilities.
-# bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend.
-neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service };
+# Bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend and sys_nice.
+neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service sys_nice};
 neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };

diff --git a/private/system_server.te b/private/system_server.te
index afca1f6..c4d17ef 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -98,6 +98,7 @@
 allow system_server appdomain:process { getsched setsched };
 allow system_server audioserver:process { getsched setsched };
 allow system_server hal_audio:process { getsched setsched };
+allow system_server hal_bluetooth:process { getsched setsched };
 allow system_server cameraserver:process { getsched setsched };
 allow system_server hal_camera:process { getsched setsched };
 allow system_server mediaserver:process { getsched setsched };