From 943161347ddd753f635966dce1260ac9866ffb3c Mon Sep 17 00:00:00 2001
From: Mikhail Naganov <mnaganov@google.com>
Date: Wed, 8 Nov 2017 10:31:55 -0800
Subject: [PATCH] Use /data/vendor/audio for Audio HAL data

This separates the data of audioserver from the data of the
hal_audio.

Bug: 35042759
Test: no SELinux denials for hal_audio
Change-Id: I2eafed4d8a620507e27cab3a9b84d829d003bcec
Merged-In: I1815c5debaa6d6d2076cebf8beb5acd36c6fe891
---
 init.hardware.rc                     | 6 +++---
 sepolicy/vendor/file.te              | 1 +
 sepolicy/vendor/file_contexts        | 1 +
 sepolicy/vendor/hal_audio_default.te | 4 ++--
 4 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/init.hardware.rc b/init.hardware.rc
index 7f9184f5..0e991d21 100644
--- a/init.hardware.rc
+++ b/init.hardware.rc
@@ -319,11 +319,11 @@ on zygote-start
     chown system system /data/dpm/nsrm
 
     # Create directory used by audio subsystem
-    mkdir /data/misc/audio 0770 audio audio
+    mkdir /data/vendor/audio 0770 audio audio
 
     # Create directory for audio delta files
-    mkdir /data/misc/audio/acdbdata 0770 media audio
-    mkdir /data/misc/audio/acdbdata/delta 0770 media audio
+    mkdir /data/vendor/audio/acdbdata 0770 media audio
+    mkdir /data/vendor/audio/acdbdata/delta 0770 media audio
 
     # Create directory used by the DASH client
     mkdir /data/misc/dash 0770 media audio
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 2e9a984b..68f3e825 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -67,6 +67,7 @@ type ramdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
 type modem_dump_file, file_type, data_file_type;
 type ese_vendor_data_file, file_type, data_file_type;
 type sensors_vendor_data_file, file_type, data_file_type;
+type audio_vendor_data_file, file_type, data_file_type;
 
 type vendor_firmware_file, vendor_file_type, file_type;
 
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index d604beda..b8309679 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -247,6 +247,7 @@
 /data/vendor/ese(/.*)?                 u:object_r:ese_vendor_data_file:s0
 /data/vendor/ipa(/.*)?                 u:object_r:ipa_vendor_data_file:s0
 /data/vendor/sensors(/.*)?             u:object_r:sensors_vendor_data_file:s0
+/data/vendor/audio(/.*)?               u:object_r:audio_vendor_data_file:s0
 
 # input files
 /vendor/usr/idc(/.*)?                  u:object_r:idc_file:s0
diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te
index 0b936929..357b4cdf 100644
--- a/sepolicy/vendor/hal_audio_default.te
+++ b/sepolicy/vendor/hal_audio_default.te
@@ -1,7 +1,7 @@
 r_dir_file(hal_audio_default, sysfs_soc)
 
-allow hal_audio_default audio_data_file:dir w_dir_perms;
-allow hal_audio_default audio_data_file:file create_file_perms;
+allow hal_audio_default audio_vendor_data_file:dir rw_dir_perms;
+allow hal_audio_default audio_vendor_data_file:file create_file_perms;
 
 allow hal_audio_default perfd:unix_stream_socket connectto;
 allow hal_audio_default perfd_socket:sock_file write;