From b1a921e24ee486d04ca60a669511a072b4fa54c9 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Fri, 20 Oct 2017 20:24:15 -0700
Subject: [PATCH] hal_audio: remove access to audiohal_data_file

This is no longer used and violates Treble data separation.

Bug: 68057930
Test: verify on Sailfish that /data/misc/audiohal doesn't exist
    This dir appears to be Qualcomm specific and should not have
    been defined in core policy.

Change-Id: I55fba7564203a7f8a1d8612abd36ec1f89dc869d
---
 public/file.te      | 4 +++-
 public/hal_audio.te | 6 ------
 2 files changed, 3 insertions(+), 7 deletions(-)

diff --git a/public/file.te b/public/file.te
index 323198a8f..39e35b40d 100644
--- a/public/file.te
+++ b/public/file.te
@@ -199,7 +199,6 @@ type postinstall_file, file_type;
 # /data/misc subdirectories
 type adb_keys_file, file_type, data_file_type, core_data_file_type;
 type audio_data_file, file_type, data_file_type, core_data_file_type;
-type audiohal_data_file, file_type, data_file_type, core_data_file_type;
 type audioserver_data_file, file_type, data_file_type, core_data_file_type;
 type bluetooth_data_file, file_type, data_file_type, core_data_file_type;
 type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type;
@@ -354,6 +353,9 @@ allow postinstall_file self:filesystem associate;
 # asanwrapper (run a sanitized app_process, to be used with wrap properties)
 with_asan(`type asanwrapper_exec, exec_type, file_type;')
 
+# Deprecated in SDK version 28
+type audiohal_data_file, file_type, data_file_type, core_data_file_type;
+
 # It's a bug to assign the file_type attribute and fs_type attribute
 # to any type. Do not allow it.
 #
diff --git a/public/hal_audio.te b/public/hal_audio.te
index 6a436bd8e..0665e2618 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -7,12 +7,6 @@ allow hal_audio_client hal_audio_hwservice:hwservice_manager find;
 
 allow hal_audio ion_device:chr_file r_file_perms;
 
-userdebug_or_eng(`
-  # used for pcm capture for debug.
-  allow hal_audio audiohal_data_file:dir create_dir_perms;
-  allow hal_audio audiohal_data_file:file create_file_perms;
-')
-
 r_dir_file(hal_audio, proc)
 r_dir_file(hal_audio, proc_asound)
 allow hal_audio audio_device:dir r_dir_perms;
-- 
GitLab