From 464f59ae107f493f244048cb126b32532944e314 Mon Sep 17 00:00:00 2001
From: Tri Vo <trong@google.com>
Date: Fri, 6 Oct 2017 10:20:53 -0700
Subject: [PATCH] Extend access to proc/asound/*
Renamed this type: proc_asound_cards -> proc_asound Labeled /proc/asound/devices as proc_asound. We now use proc_asound type to label files under /proc/asound which we want to expose to system components.
Bug: 66988327
Test: Pixel 2 boots, can play sound with or without headphones, and selinux denials to proc_asound are not seen.
Change-Id: I453d9bfdd70eb80931ec9e80f17c8fd0629db3d0
---
 private/app_neverallows.te | 2 +-
 private/compat/26.0/26.0.cil | 2 +-
 private/genfs_contexts | 3 ++-
 private/system_server.te | 2 +-
 public/file.te | 2 +-
 public/hal_audio.te | 2 +-
 6 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index db14f1b58..7638d368f 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -110,7 +110,7 @@ neverallow all_untrusted_apps anr_data_file:dir ~search;
 # Create a more specific label if needed
 neverallow all_untrusted_apps {
 proc
- proc_asound_cards
+ proc_asound
 proc_filesystems
 proc_kmsg
 proc_loadavg
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index ca34491c8..c60b2e615 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -446,7 +446,7 @@
 (typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
 (typeattributeset print_service_26_0 (print_service))
 (typeattributeset priv_app_26_0 (mediaprovider priv_app))
-(typeattributeset proc_26_0 (proc proc_asound_cards proc_cmdline proc_filesystems proc_kmsg proc_loadavg proc_mounts proc_pagetypeinfo proc_swaps proc_uid_time_in_state proc_version proc_vmallocinfo))
+(typeattributeset proc_26_0 (proc proc_asound proc_cmdline proc_filesystems proc_kmsg proc_loadavg proc_mounts proc_pagetypeinfo proc_swaps proc_uid_time_in_state proc_version proc_vmallocinfo))
 (typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
 (typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
 (typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index b5827c803..6a95ffbdb 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -2,7 +2,8 @@
 genfscon rootfs / u:object_r:rootfs:s0
 # proc labeling can be further refined (longest matching prefix).
 genfscon proc / u:object_r:proc:s0
-genfscon proc /asound/cards u:object_r:proc_asound_cards:s0
+genfscon proc /asound/cards u:object_r:proc_asound:s0
+genfscon proc /asound/devices u:object_r:proc_asound:s0
 genfscon proc /cmdline u:object_r:proc_cmdline:s0
 genfscon proc /config.gz u:object_r:config_gz:s0
 genfscon proc /filesystems u:object_r:proc_filesystems:s0
diff --git a/private/system_server.te b/private/system_server.te
index c1b184a31..8f9091d4e 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -675,7 +675,7 @@ allow system_server preloads_media_file:dir { r_dir_perms write remove_name rmdi
 r_dir_file(system_server, cgroup)
 allow system_server ion_device:chr_file r_file_perms;
-r_dir_file(system_server, proc_asound_cards)
+r_dir_file(system_server, proc_asound)
 r_dir_file(system_server, proc_loadavg)
 r_dir_file(system_server, proc_meminfo)
 r_dir_file(system_server, proc_net)
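Review bot: The added `/asound/devices` entry in private/genfs_contexts carries no comment on why it may share a type with `/asound/cards`, and the subject's `proc/asound/*` reads broader than what is labeled. Only these two paths receive `proc_asound`; every other node under /proc/asound still falls through to the generic `genfscon proc /` entry. Since matching is by longest prefix, a later `genfscon proc /asound` line would hand the whole subtree to every domain allowed to read `proc_asound`. I would add above the pair: `# Only the card and device listings are exposed as proc_asound; keep per-file entries and do not label /asound as a whole.`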
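Review bot: With the type widened, `r_dir_file(system_server, proc_asound)` in private/system_server.te now also covers /proc/asound/devices, which the old `proc_asound_cards` grant did not, and nothing here records which system_server code reads it. This is a new read path unless system_server holds a generic `proc` read rule outside this hunk. If `r_dir_file` expands to dir and lnk_file permissions as well as file, it grants more than two labeled regular files need; `allow system_server proc_asound:file r_file_perms;` appears to be the narrower equivalent. In public/hal_audio.te the access is not new, because the context line `r_dir_file(hal_audio, proc)` already covered the file while it was labeled `proc`.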
diff --git a/public/file.te b/public/file.te
index 51a0439d6..79435e518 100644
--- a/public/file.te
+++ b/public/file.te
@@ -13,7 +13,7 @@ type usermodehelper, fs_type;
 type sysfs_usermodehelper, fs_type, sysfs_type;
 type qtaguid_proc, fs_type, mlstrustedobject;
 type proc_bluetooth_writable, fs_type;
-type proc_asound_cards, fs_type;
+type proc_asound, fs_type;
 type proc_cmdline, fs_type;
 type proc_cpuinfo, fs_type;
 type proc_filesystems, fs_type;
diff --git a/public/hal_audio.te b/public/hal_audio.te
index be7e23550..6a436bd8e 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -14,7 +14,7 @@ userdebug_or_eng(`
 ')
 r_dir_file(hal_audio, proc)
-r_dir_file(hal_audio, proc_asound_cards)
+r_dir_file(hal_audio, proc_asound)
 allow hal_audio audio_device:dir r_dir_perms;
 allow hal_audio audio_device:chr_file rw_file_perms;
--
GitLab