Merge "[ALPS03959715] move audio-daemon to vendor" into alps-trunk-p0.basic

Change-Id: I4e6c31878331055f1559aa372d7d1f7106424419 MTK-Commit-Id: 7b461a24341a10035f24ce91c6751d04307f47ba
2020-01-18 10:02:49 +08:00 · 2020-01-18 10:02:49 +08:00 · c5d80a4090
commit c5d80a4090
parent 6f6b3997d7 56b7e390c4
7 changed files with 26 additions and 58 deletions
--- a/non_plat/audiocmdservice_atci.te
+++ b/non_plat/audiocmdservice_atci.te
@ -1,5 +1,12 @@
 # ==============================================
 # Policy File of /system/bin/audiocmdservice_atci Executable File
+type audiocmdservice_atci ,domain;
+type audiocmdservice_atci_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(audiocmdservice_atci)
+
+unix_socket_connect(atci_service, atci-audio, audiocmdservice_atci);
+allow audiocmdservice_atci self:unix_stream_socket { create_socket_perms read write };

 # Access to storages for audio tuning tool to read/write tuning result
 allow audiocmdservice_atci { block_device device }:dir { write search };
@ -7,5 +14,19 @@ allow audiocmdservice_atci mnt_user_file:dir rw_dir_perms;
 allow audiocmdservice_atci { mnt_user_file storage_file }:lnk_file rw_file_perms;
 allow audiocmdservice_atci bootdevice_block_device:blk_file { read write };

-allow audiocmdservice_atci hal_audio_hwservice:hwservice_manager find;
+
+# can route /dev/binder traffic to /dev/vndbinder
+vndbinder_use(audiocmdservice_atci)
 binder_call(audiocmdservice_atci,mtk_hal_audio);
+
+#Android O porting
+hwbinder_use(audiocmdservice_atci)
+get_prop(audiocmdservice_atci, hwservicemanager_prop);
+allow audiocmdservice_atci hal_audio_hwservice:hwservice_manager find;
+
+#To access the file at /dev/kmsg
+allow audiocmdservice_atci kmsg_device:chr_file w_file_perms;
+
+userdebug_or_eng(`
+  allow audiocmdservice_atci self:capability { sys_nice fowner chown fsetid setuid ipc_lock net_admin};
+')
--- a/non_plat/file.te
+++ b/non_plat/file.te
@ -298,3 +298,5 @@ type sysfs_spm, fs_type, sysfs_type;
 # Purpose : mtk EM Audio headset detect
 type sysfs_headset, fs_type, sysfs_type;

+# socket between atci_service and audio-daemon
+type atci-audio_socket, file_type;
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -241,6 +241,7 @@
 /dev/socket/agpsd2(/.*)? u:object_r:agpsd_socket:s0
 /dev/socket/agpsd3(/.*)? u:object_r:agpsd_socket:s0
 /dev/socket/agpsd(/.*)? u:object_r:agpsd_socket:s0
+/dev/socket/atci-audio(/.*)? u:object_r:atci-audio_socket:s0
 /dev/socket/backuprestore(/.*)? u:object_r:backuprestore_socket:s0
 /dev/socket/dfo(/.*)? u:object_r:dfo_socket:s0
 /dev/socket/dnsproxyd(/.*)? u:object_r:dnsproxyd_socket:s0
@ -523,6 +524,7 @@
 #############################
 # System files
 #
+/(system\/vendor|vendor)/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0
 /(system\/vendor|vendor)/bin/stp_dump3 u:object_r:stp_dump3_exec:s0
 /(system\/vendor|vendor)/bin/wmt_launcher u:object_r:mtk_wmt_launcher_exec:s0
 /(system\/vendor|vendor)/bin/ccci_fsd u:object_r:ccci_fsd_exec:s0
--- a/plat_private/audiocmdservice_atci.te
+++ b/plat_private/audiocmdservice_atci.te
@ -1,45 +0,0 @@
-#===============================================
-# Policy File of /system/bin/audiocmdservice_atci Executable File
-
-type audiocmdservice_atci_exec , exec_type, file_type;
-
-# New added for move to /system
-typeattribute audiocmdservice_atci coredomain;
-# ==============================================
-# MTK Policy Rule
-# ==============================================
-# audiocmdservice_atci - audio-daemon service
-init_daemon_domain(audiocmdservice_atci)
-
-# Perform Binder IPC for audio tuning tool and access to mediaserver
-binder_use(audiocmdservice_atci)
-binder_call(audiocmdservice_atci, mediaserver)
-allow audiocmdservice_atci mediaserver:dir w_dir_perms;
-allow audiocmdservice_atci mediaserver_service:service_manager find;
-
-# Since Android N, google separates mediaserver to audioserver and cameraserver
-binder_call(audiocmdservice_atci, audioserver)
-allow audiocmdservice_atci audioserver:dir w_dir_perms;
-allow audiocmdservice_atci audioserver_service:service_manager find;
-
-# Access to fuse file system
-allow audiocmdservice_atci sdcard_type:file create_file_perms;
-allow audiocmdservice_atci sdcard_type:dir w_dir_perms;
-
-# Access to internal storage
-allow audiocmdservice_atci media_rw_data_file:dir create_dir_perms;
-allow audiocmdservice_atci media_rw_data_file:file create_file_perms;
-
-#To access the file at /dev/kmsg
-allow audiocmdservice_atci kmsg_device:chr_file w_file_perms;
-
-userdebug_or_eng(`
-  allow audiocmdservice_atci self:capability { sys_nice fowner chown fsetid setuid ipc_lock net_admin};
-')
-
-#audio-daemon needs to controlled from adb shell by AudioTuningTool
-allow radio audiocmdservice_atci_exec:file getattr;
-
-#Android O porting
-hwbinder_use(audiocmdservice_atci)
-get_prop(audiocmdservice_atci, hwservicemanager_prop);
--- a/plat_private/audioserver.te
+++ b/plat_private/audioserver.te
@ -72,6 +72,3 @@ allow audioserver storage_file:dir { r_dir_perms };
 # Date : W18.01
 # Add for turn on SElinux in enforcing mode
 allow audioserver self:netlink_kobject_uevent_socket { read create };
-
-# Audio Tuning Tool Android O porting
-allow audioserver audiocmdservice_atci:binder call;
--- a/plat_private/file_contexts
+++ b/plat_private/file_contexts
@ -21,7 +21,6 @@
 /system/bin/aee_aed u:object_r:aee_aed_exec:s0
 /system/bin/aee_aed64 u:object_r:aee_aed_exec:s0
 /system/bin/aee_dumpstate u:object_r:dumpstate_exec:s0
-/system/bin/audiocmdservice_atci u:object_r:audiocmdservice_atci_exec:s0
 /(system\/vendor|vendor)/bin/kisd u:object_r:kisd_exec:s0

 # google suggest that move aee_aedv_exec to platform @google_issue_id:64130120
--- a/plat_public/audiocmdservice_atci.te
+++ b/plat_public/audiocmdservice_atci.te
@ -1,8 +0,0 @@
-# ==============================================
-# Policy File of /system/bin/audiocmdservice_atci Executable File
-
-# ==============================================
-# Type Declaration
-# ==============================================
-
-type audiocmdservice_atci ,domain;