From 56b7e390c4672513cf25a95aa80618efa31a67b4 Mon Sep 17 00:00:00 2001
From: Lili Lin <lili.lin@mediatek.com>
Date: Sat, 18 Jan 2020 10:02:48 +0800
Subject: [PATCH] [ALPS03959715] move audio-daemon to vendor

1. Per customer request, move audio-daemon to vendor partition.
2. Implement GetVolumeIndex

MTK-Commit-Id: 4f61171696528b80f9973cb1e3820c9f91116755

Change-Id: Id82b004a39b1217b543c42b9f66de72fb1f76a59
CR-Id: ALPS03959715
Feature: Audio Tuning Tool
---
 non_plat/audiocmdservice_atci.te     | 23 +++++++++++++-
 non_plat/file.te                     |  2 ++
 non_plat/file_contexts               |  2 ++
 plat_private/audiocmdservice_atci.te | 45 ----------------------------
 plat_private/audioserver.te          |  3 --
 plat_private/file_contexts           |  1 -
 plat_public/audiocmdservice_atci.te  |  8 -----
 7 files changed, 26 insertions(+), 58 deletions(-)
 delete mode 100644 plat_private/audiocmdservice_atci.te
 delete mode 100644 plat_public/audiocmdservice_atci.te

diff --git a/non_plat/audiocmdservice_atci.te b/non_plat/audiocmdservice_atci.te
index 4d64923..58ee636 100644
--- a/non_plat/audiocmdservice_atci.te
+++ b/non_plat/audiocmdservice_atci.te
@@ -1,5 +1,12 @@
 # ==============================================
 # Policy File of /system/bin/audiocmdservice_atci Executable File
+type audiocmdservice_atci ,domain;
+type audiocmdservice_atci_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(audiocmdservice_atci)
+
+unix_socket_connect(atci_service, atci-audio, audiocmdservice_atci);
+allow audiocmdservice_atci self:unix_stream_socket { create_socket_perms read write };
 
 # Access to storages for audio tuning tool to read/write tuning result
 allow audiocmdservice_atci { block_device device }:dir { write search };
@@ -7,5 +14,19 @@ allow audiocmdservice_atci mnt_user_file:dir rw_dir_perms;
 allow audiocmdservice_atci { mnt_user_file storage_file }:lnk_file rw_file_perms;
 allow audiocmdservice_atci bootdevice_block_device:blk_file { read write };
 
-allow audiocmdservice_atci hal_audio_hwservice:hwservice_manager find;
+
+# can route /dev/binder traffic to /dev/vndbinder
+vndbinder_use(audiocmdservice_atci)
 binder_call(audiocmdservice_atci,mtk_hal_audio);
+
+#Android O porting
+hwbinder_use(audiocmdservice_atci)
+get_prop(audiocmdservice_atci, hwservicemanager_prop);
+allow audiocmdservice_atci hal_audio_hwservice:hwservice_manager find;
+
+#To access the file at /dev/kmsg
+allow audiocmdservice_atci kmsg_device:chr_file w_file_perms;
+
+userdebug_or_eng(`
+  allow audiocmdservice_atci self:capability { sys_nice fowner chown fsetid setuid ipc_lock net_admin};
+')
diff --git a/non_plat/file.te b/non_plat/file.te
index b99d6e7..24bc1fd 100644
--- a/non_plat/file.te
+++ b/non_plat/file.te
@@ -298,3 +298,5 @@ type sysfs_spm, fs_type, sysfs_type;
 # Purpose : mtk EM Audio headset detect
 type sysfs_headset, fs_type, sysfs_type;
 
+# socket between atci_service and audio-daemon
+type atci-audio_socket, file_type;
diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index 0dc6e59..3171cb7 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@@ -241,6 +241,7 @@
 /dev/socket/agpsd2(/.*)? u:object_r:agpsd_socket:s0
 /dev/socket/agpsd3(/.*)? u:object_r:agpsd_socket:s0
 /dev/socket/agpsd(/.*)? u:object_r:agpsd_socket:s0
+/dev/socket/atci-audio(/.*)? u:object_r:atci-audio_socket:s0
 /dev/socket/backuprestore(/.*)? u:object_r:backuprestore_socket:s0
 /dev/socket/dfo(/.*)? u:object_r:dfo_socket:s0
 /dev/socket/dnsproxyd(/.*)? u:object_r:dnsproxyd_socket:s0
@@ -523,6 +524,7 @@
 #############################
 # System files
 #
+/(system\/vendor|vendor)/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0
 /(system\/vendor|vendor)/bin/stp_dump3 u:object_r:stp_dump3_exec:s0
 /(system\/vendor|vendor)/bin/wmt_launcher u:object_r:mtk_wmt_launcher_exec:s0
 /(system\/vendor|vendor)/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0
diff --git a/plat_private/audiocmdservice_atci.te b/plat_private/audiocmdservice_atci.te
deleted file mode 100644
index 7d21ae9..0000000
--- a/plat_private/audiocmdservice_atci.te
+++ /dev/null
@@ -1,45 +0,0 @@
-#===============================================
-# Policy File of /system/bin/audiocmdservice_atci Executable File
-
-type audiocmdservice_atci_exec , exec_type, file_type;
-
-# New added for move to /system
-typeattribute audiocmdservice_atci coredomain;
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-# audiocmdservice_atci - audio-daemon service
-init_daemon_domain(audiocmdservice_atci)
-
-# Perform Binder IPC for audio tuning tool and access to mediaserver
-binder_use(audiocmdservice_atci)
-binder_call(audiocmdservice_atci, mediaserver)
-allow audiocmdservice_atci mediaserver:dir w_dir_perms;
-allow audiocmdservice_atci mediaserver_service:service_manager find;
-
-# Since Android N, google separates mediaserver to audioserver and cameraserver
-binder_call(audiocmdservice_atci, audioserver)
-allow audiocmdservice_atci audioserver:dir w_dir_perms;
-allow audiocmdservice_atci audioserver_service:service_manager find;
-
-# Access to fuse file system
-allow audiocmdservice_atci sdcard_type:file create_file_perms;
-allow audiocmdservice_atci sdcard_type:dir w_dir_perms;
-
-# Access to internal storage
-allow audiocmdservice_atci media_rw_data_file:dir create_dir_perms;
-allow audiocmdservice_atci media_rw_data_file:file create_file_perms;
-
-#To access the file at /dev/kmsg
-allow audiocmdservice_atci kmsg_device:chr_file w_file_perms;
-
-userdebug_or_eng(`
-  allow audiocmdservice_atci self:capability { sys_nice fowner chown fsetid setuid ipc_lock net_admin};
-')
-
-#audio-daemon needs to controlled from adb shell by AudioTuningTool
-allow radio audiocmdservice_atci_exec:file getattr;
-
-#Android O porting
-hwbinder_use(audiocmdservice_atci)
-get_prop(audiocmdservice_atci, hwservicemanager_prop);
diff --git a/plat_private/audioserver.te b/plat_private/audioserver.te
index 55ad030..a167d6d 100644
--- a/plat_private/audioserver.te
+++ b/plat_private/audioserver.te
@@ -72,6 +72,3 @@ allow audioserver storage_file:dir { r_dir_perms };
 # Date : W18.01
 # Add for turn on SElinux in enforcing mode
 allow audioserver self:netlink_kobject_uevent_socket { read create };
-
-# Audio Tuning Tool Android O porting
-allow audioserver audiocmdservice_atci:binder call;
diff --git a/plat_private/file_contexts b/plat_private/file_contexts
index 4e8c24b..7887de2 100644
--- a/plat_private/file_contexts
+++ b/plat_private/file_contexts
@@ -21,7 +21,6 @@
 /system/bin/aee_aed u:object_r:aee_aed_exec:s0
 /system/bin/aee_aed64 u:object_r:aee_aed_exec:s0
 /system/bin/aee_dumpstate u:object_r:dumpstate_exec:s0
-/system/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0
 /(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0
 
 # google suggest that move aee_aedv_exec to platform @google_issue_id:64130120
diff --git a/plat_public/audiocmdservice_atci.te b/plat_public/audiocmdservice_atci.te
deleted file mode 100644
index 323134f..0000000
--- a/plat_public/audiocmdservice_atci.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/audiocmdservice_atci Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-
-type audiocmdservice_atci ,domain;