b1a921e24e
This is no longer used and violates Treble data separation.
Bug: 68057930
Test: verify on Sailfish that /data/misc/audiohal doesn't exist
This dir appears to be Qualcomm specific and should not have
been defined in core policy.
Change-Id: I55fba7564203a7f8a1d8612abd36ec1f89dc869d
34 lines
1.1 KiB
Plaintext
34 lines
1.1 KiB
Plaintext
# HwBinder IPC from client to server, and callbacks
|
|
binder_call(hal_audio_client, hal_audio_server)
|
|
binder_call(hal_audio_server, hal_audio_client)
|
|
|
|
add_hwservice(hal_audio_server, hal_audio_hwservice)
|
|
allow hal_audio_client hal_audio_hwservice:hwservice_manager find;
|
|
|
|
allow hal_audio ion_device:chr_file r_file_perms;
|
|
|
|
r_dir_file(hal_audio, proc)
|
|
r_dir_file(hal_audio, proc_asound)
|
|
allow hal_audio audio_device:dir r_dir_perms;
|
|
allow hal_audio audio_device:chr_file rw_file_perms;
|
|
|
|
# Needed to provide debug dump output via dumpsys' pipes.
|
|
allow hal_audio shell:fd use;
|
|
allow hal_audio shell:fifo_file write;
|
|
allow hal_audio dumpstate:fd use;
|
|
allow hal_audio dumpstate:fifo_file write;
|
|
|
|
###
|
|
### neverallow rules
|
|
###
|
|
|
|
# Should never execute any executable without a domain transition
|
|
neverallow hal_audio { file_type fs_type }:file execute_no_trans;
|
|
|
|
# Should never need network access.
|
|
# Disallow network sockets.
|
|
neverallow hal_audio domain:{ tcp_socket udp_socket rawip_socket } *;
|
|
|
|
# Only audio HAL may directly access the audio hardware
|
|
neverallow { halserverdomain -hal_audio_server } audio_device:chr_file *;
|