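# SELinux type-enforcement rules for the audio HAL (hal_audio, hal_audio_client,
# hal_audio_server). The macros and attributes used here are defined outside this file.
# NOTE(review): hal_audio presumably covers both the client and the server domains;
# confirm that every rule written against hal_audio is really needed by clients too.

# HwBinder IPC from client to server, and callbacks
# (granted in both directions so the server can call back into its clients).
binder_call(hal_audio_client, hal_audio_server)
binder_call(hal_audio_server, hal_audio_client)

# Only the server adds hal_audio_hwservice; clients are limited to "find".
add_hwservice(hal_audio_server, hal_audio_hwservice)
allow hal_audio_client hal_audio_hwservice:hwservice_manager find;

# Read access to the ION device node.
allow hal_audio ion_device:chr_file r_file_perms;

# Read-only access to files labelled proc and proc_asound.
# NOTE(review): proc is a broad label; check whether proc_asound alone would be enough.
r_dir_file(hal_audio, proc)
r_dir_file(hal_audio, proc_asound)

# Audio device nodes: directory read and character-device read/write, server only.
allow hal_audio_server audio_device:dir r_dir_perms;
allow hal_audio_server audio_device:chr_file rw_file_perms;

# Needed to provide debug dump output via dumpsys' pipes.
# Limited to using an inherited fd and writing to the fifo; no read or open is granted.
allow hal_audio shell:fd use;
allow hal_audio shell:fifo_file write;
allow hal_audio dumpstate:fd use;
allow hal_audio dumpstate:fifo_file write;

# Allow the audio HAL to use vndbinder.
vndbinder_use(hal_audio)

###
### neverallow rules
###
# neverallow rules grant nothing; they are assertions checked when the policy is
# built, so a later allow rule that contradicts one fails the build.

# Should never execute any executable without a domain transition
neverallow hal_audio_server { file_type fs_type }:file execute_no_trans;

# Should never need network access.
# Disallow network sockets.
# Covers the tcp_socket, udp_socket and rawip_socket classes only; other socket
# classes are not constrained by this rule.
neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;

# Only audio HAL may directly access the audio hardware
# The assertion is scoped to halserverdomain: it keeps other HAL servers off
# audio_device character devices, and says nothing about domains outside that attribute.
neverallow { halserverdomain -hal_audio_server } audio_device:chr_file *;

# Read access to the Bluetooth A2DP offload properties.
get_prop(hal_audio, bluetooth_a2dp_offload_prop)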