Add rules for accessing the related bluetooth_audio_hal_prop
This change allows those daemons of the audio and Bluetooth which
include HALs to access the bluetooth_audio_hal_prop. This property is
used to force disable the new BluetoothAudio HAL.
- persist.bluetooth.bluetooth_audio_hal.disabled
Bug: 128825244
Test: audio HAL can access the property
Change-Id: I87a8ba57cfbcd7d3e4548aa96bc915d0cc6b2b74
diff --git a/private/app_zygote.te b/private/app_zygote.te
index e221666..e44c1be 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -152,6 +152,7 @@
# neverallow rules for Bluetooth-related data files are listed above.
neverallow app_zygote {
bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
bluetooth_prop
exported_bluetooth_prop
}:file create_file_perms;
diff --git a/private/audioserver.te b/private/audioserver.te
index 1e8b90b..07051af 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -42,6 +42,7 @@
# Allow read/write access to bluetooth-specific properties
set_prop(audioserver, bluetooth_a2dp_offload_prop)
+set_prop(audioserver, bluetooth_audio_hal_prop)
set_prop(audioserver, bluetooth_prop)
set_prop(audioserver, exported_bluetooth_prop)
diff --git a/private/bluetooth.te b/private/bluetooth.te
index fcbd509..b96fc58 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -41,6 +41,7 @@
# Allow write access to bluetooth specific properties
set_prop(bluetooth, bluetooth_a2dp_offload_prop)
+set_prop(bluetooth, bluetooth_audio_hal_prop)
set_prop(bluetooth, bluetooth_prop)
set_prop(bluetooth, exported_bluetooth_prop)
set_prop(bluetooth, pan_result_prop)
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 7031977..40a001f 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -25,6 +25,7 @@
ashmem_device_service
attention_service
biometric_service
+ bluetooth_audio_hal_prop
bpf_progs_loaded_prop
bugreport_service
cgroup_desc_file
diff --git a/private/system_app.te b/private/system_app.te
index 38e7938..9a5e455 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -32,6 +32,7 @@
# Write to properties
set_prop(system_app, bluetooth_a2dp_offload_prop)
+set_prop(system_app, bluetooth_audio_hal_prop)
set_prop(system_app, bluetooth_prop)
set_prop(system_app, debug_prop)
set_prop(system_app, system_prop)
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 95affef..4630c35 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -143,6 +143,7 @@
# neverallow rules for Bluetooth-related data files are listed above.
neverallow webview_zygote {
bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
bluetooth_prop
exported_bluetooth_prop
}:file create_file_perms;
diff --git a/private/zygote.te b/private/zygote.te
index 4b8990c..bfb45f5 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -164,6 +164,7 @@
# Do not allow access to Bluetooth-related system properties and files
neverallow zygote {
bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
bluetooth_prop
exported_bluetooth_prop
}:file create_file_perms;
diff --git a/public/app.te b/public/app.te
index ee9b8cf..e26ec0a 100644
--- a/public/app.te
+++ b/public/app.te
@@ -564,7 +564,7 @@
appdomain
-bluetooth
-system_app
-} { bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
+} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
# Apps cannot access proc_uid_time_in_state
neverallow appdomain proc_uid_time_in_state:file *;
diff --git a/public/hal_audio.te b/public/hal_audio.te
index 9ffb769..a1c098f 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -35,3 +35,4 @@
neverallow { halserverdomain -hal_audio_server } audio_device:chr_file *;
get_prop(hal_audio, bluetooth_a2dp_offload_prop)
+get_prop(hal_audio, bluetooth_audio_hal_prop)
diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index 09c3ce6..97177ba 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -21,6 +21,7 @@
# Allow write access to bluetooth-specific properties
set_prop(hal_bluetooth, bluetooth_a2dp_offload_prop)
+set_prop(hal_bluetooth, bluetooth_audio_hal_prop)
set_prop(hal_bluetooth, bluetooth_prop)
set_prop(hal_bluetooth, exported_bluetooth_prop)
diff --git a/public/property.te b/public/property.te
index c2b65f0..044e5eb 100644
--- a/public/property.te
+++ b/public/property.te
@@ -2,6 +2,7 @@
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
type bluetooth_a2dp_offload_prop, property_type;
+type bluetooth_audio_hal_prop, property_type;
type bluetooth_prop, property_type;
type bpf_progs_loaded_prop, property_type;
type bootloader_boot_reason_prop, property_type;
@@ -351,6 +352,7 @@
-apexd_prop
-audio_prop
-bluetooth_a2dp_offload_prop
+ -bluetooth_audio_hal_prop
-bluetooth_prop
-bootloader_boot_reason_prop
-boottime_prop
diff --git a/public/property_contexts b/public/property_contexts
index 3fe9feb..6845a70 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -72,6 +72,7 @@
media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool
persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
diff --git a/public/vendor_init.te b/public/vendor_init.te
index fd0d6e3..6ed7b02 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -213,6 +213,7 @@
allow vendor_init file_contexts_file:file r_file_perms;
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
+set_prop(vendor_init, bluetooth_audio_hal_prop)
set_prop(vendor_init, cpu_variant_prop)
set_prop(vendor_init, debug_prop)
set_prop(vendor_init, exported_audio_prop)