From 695d5c03597e9efbacfc5a7b3772098e3c2d6002 Mon Sep 17 00:00:00 2001
From: bengris32 <bengris32@protonmail.ch>
Date: Mon, 22 Aug 2022 20:49:58 +0100
Subject: [PATCH] sepolicy: basic: non_plat: Address Audio HAL tcp_socket
 neverallow * Due to system SEPolicy/audioserver changes in Android 13,  
 mtk_hal_audio needs to be allowed to create and use TCP sockets.
 Signed-off-by: bengris32 <bengris32@protonmail.ch>

Change-Id: I8d1d0034dfeb64ede815f7c7c7249ee034dd9528
---
 basic/non_plat/mtk_hal_audio.te | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/basic/non_plat/mtk_hal_audio.te b/basic/non_plat/mtk_hal_audio.te
index f02354c..d948673 100644
--- a/basic/non_plat/mtk_hal_audio.te
+++ b/basic/non_plat/mtk_hal_audio.te
@@ -25,8 +25,8 @@ allow mtk_hal_audio audio_device:chr_file rw_file_perms;
 neverallow mtk_hal_audio { file_type fs_type }:file execute_no_trans;
 
 # mtk_hal_audio should never need network access.
-# Disallow network sockets.
-neverallow mtk_hal_audio domain:{ tcp_socket udp_socket rawip_socket } *;
+# Disallow network sockets apart from TCP sockets.
+neverallow mtk_hal_audio domain:{ udp_socket rawip_socket } *;
 
 # Date : WK14.32
 # Operation : Migration