commit e55a74bdffcdbbc8809a27215df9d3fd38965a93
author Cheney Ni <cheneyni@google.com> Mon Mar 18 11:07:32 2019 +0800
committer Cheney Ni <cheneyni@google.com> Wed Mar 20 03:12:25 2019 +0000
tree 126e9c64e77d2c5e5c9f36b26665baab1770226d
parent 2456c37021e350a21737f29ff5ed0a39d146d9ca

Add rules for accessing the related bluetooth_audio_hal_prop

This change allows those daemons of the audio and Bluetooth which
include HALs to access the bluetooth_audio_hal_prop. This property is
used to force disable the new BluetoothAudio HAL.
  - persist.bluetooth.bluetooth_audio_hal.disabled

Bug: 128825244
Test: audio HAL can access the property
Change-Id: I87a8ba57cfbcd7d3e4548aa96bc915d0cc6b2b74

private/app_zygote.te

diff --git a/private/app_zygote.te b/private/app_zygote.te
index e221666..e44c1be 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -152,6 +152,7 @@
 # neverallow rules for Bluetooth-related data files are listed above.
 neverallow app_zygote {
   bluetooth_a2dp_offload_prop
+  bluetooth_audio_hal_prop
   bluetooth_prop
   exported_bluetooth_prop
 }:file create_file_perms;

private/audioserver.te

diff --git a/private/audioserver.te b/private/audioserver.te
index 1e8b90b..07051af 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -42,6 +42,7 @@
 
 # Allow read/write access to bluetooth-specific properties
 set_prop(audioserver, bluetooth_a2dp_offload_prop)
+set_prop(audioserver, bluetooth_audio_hal_prop)
 set_prop(audioserver, bluetooth_prop)
 set_prop(audioserver, exported_bluetooth_prop)
 

private/bluetooth.te

diff --git a/private/bluetooth.te b/private/bluetooth.te
index fcbd509..b96fc58 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -41,6 +41,7 @@
 
 # Allow write access to bluetooth specific properties
 set_prop(bluetooth, bluetooth_a2dp_offload_prop)
+set_prop(bluetooth, bluetooth_audio_hal_prop)
 set_prop(bluetooth, bluetooth_prop)
 set_prop(bluetooth, exported_bluetooth_prop)
 set_prop(bluetooth, pan_result_prop)

private/compat/28.0/28.0.ignore.cil

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 7031977..40a001f 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -25,6 +25,7 @@
     ashmem_device_service
     attention_service
     biometric_service
+    bluetooth_audio_hal_prop
     bpf_progs_loaded_prop
     bugreport_service
     cgroup_desc_file

private/system_app.te

diff --git a/private/system_app.te b/private/system_app.te
index 38e7938..9a5e455 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -32,6 +32,7 @@
 
 # Write to properties
 set_prop(system_app, bluetooth_a2dp_offload_prop)
+set_prop(system_app, bluetooth_audio_hal_prop)
 set_prop(system_app, bluetooth_prop)
 set_prop(system_app, debug_prop)
 set_prop(system_app, system_prop)

private/webview_zygote.te

diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 95affef..4630c35 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -143,6 +143,7 @@
 # neverallow rules for Bluetooth-related data files are listed above.
 neverallow webview_zygote {
   bluetooth_a2dp_offload_prop
+  bluetooth_audio_hal_prop
   bluetooth_prop
   exported_bluetooth_prop
 }:file create_file_perms;

private/zygote.te

diff --git a/private/zygote.te b/private/zygote.te
index 4b8990c..bfb45f5 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -164,6 +164,7 @@
 # Do not allow access to Bluetooth-related system properties and files
 neverallow zygote {
   bluetooth_a2dp_offload_prop
+  bluetooth_audio_hal_prop
   bluetooth_prop
   exported_bluetooth_prop
 }:file create_file_perms;