Add rules for accessing the related bluetooth_audio_hal_prop

This change allows those daemons of the audio and Bluetooth which
include HALs to access the bluetooth_audio_hal_prop. This property is
used to force disable the new BluetoothAudio HAL.
  - persist.bluetooth.bluetooth_audio_hal.disabled

Bug: 128825244
Test: audio HAL can access the property
Change-Id: I87a8ba57cfbcd7d3e4548aa96bc915d0cc6b2b74

private/app_zygote.te

@@ -152,6 +152,7 @@ neverallow app_zygote *:process ptrace;
 # neverallow rules for Bluetooth-related data files are listed above.
 neverallow app_zygote {
   bluetooth_a2dp_offload_prop
+  bluetooth_audio_hal_prop
   bluetooth_prop
   exported_bluetooth_prop
 }:file create_file_perms;

private/audioserver.te

@@ -42,6 +42,7 @@ allow audioserver mediametrics_service:service_manager find;
 
 # Allow read/write access to bluetooth-specific properties
 set_prop(audioserver, bluetooth_a2dp_offload_prop)
+set_prop(audioserver, bluetooth_audio_hal_prop)
 set_prop(audioserver, bluetooth_prop)
 set_prop(audioserver, exported_bluetooth_prop)
 

private/bluetooth.te

@@ -41,6 +41,7 @@ allow bluetooth proc_bluetooth_writable:file rw_file_perms;
 
 # Allow write access to bluetooth specific properties
 set_prop(bluetooth, bluetooth_a2dp_offload_prop)
+set_prop(bluetooth, bluetooth_audio_hal_prop)
 set_prop(bluetooth, bluetooth_prop)
 set_prop(bluetooth, exported_bluetooth_prop)
 set_prop(bluetooth, pan_result_prop)

private/compat/28.0/28.0.ignore.cil

@@ -25,6 +25,7 @@
     ashmem_device_service
     attention_service
     biometric_service
+    bluetooth_audio_hal_prop
     bpf_progs_loaded_prop
     bugreport_service
     cgroup_desc_file

private/system_app.te

@@ -32,6 +32,7 @@ allow system_app icon_file:file r_file_perms;
 
 # Write to properties
 set_prop(system_app, bluetooth_a2dp_offload_prop)
+set_prop(system_app, bluetooth_audio_hal_prop)
 set_prop(system_app, bluetooth_prop)
 set_prop(system_app, debug_prop)
 set_prop(system_app, system_prop)

private/webview_zygote.te

@@ -143,6 +143,7 @@ neverallow webview_zygote domain:{
 # neverallow rules for Bluetooth-related data files are listed above.
 neverallow webview_zygote {
   bluetooth_a2dp_offload_prop
+  bluetooth_audio_hal_prop
   bluetooth_prop
   exported_bluetooth_prop
 }:file create_file_perms;

private/zygote.te

@@ -164,6 +164,7 @@ neverallow zygote {
 # Do not allow access to Bluetooth-related system properties and files
 neverallow zygote {
   bluetooth_a2dp_offload_prop
+  bluetooth_audio_hal_prop
   bluetooth_prop
   exported_bluetooth_prop
 }:file create_file_perms;

public/app.te

@@ -564,7 +564,7 @@ neverallow {
   appdomain
   -bluetooth
   -system_app
-} { bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
+} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
 
 # Apps cannot access proc_uid_time_in_state
 neverallow appdomain proc_uid_time_in_state:file *;

public/hal_audio.te

@@ -35,3 +35,4 @@ neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;
 neverallow { halserverdomain -hal_audio_server } audio_device:chr_file *;
 
 get_prop(hal_audio, bluetooth_a2dp_offload_prop)
+get_prop(hal_audio, bluetooth_audio_hal_prop)

public/hal_bluetooth.te

@@ -21,6 +21,7 @@ allow hal_bluetooth self:global_capability2_class_set wake_alarm;
 
 # Allow write access to bluetooth-specific properties
 set_prop(hal_bluetooth, bluetooth_a2dp_offload_prop)
+set_prop(hal_bluetooth, bluetooth_audio_hal_prop)
 set_prop(hal_bluetooth, bluetooth_prop)
 set_prop(hal_bluetooth, exported_bluetooth_prop)
 

public/property.te

@@ -2,6 +2,7 @@ type apexd_prop, property_type;
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
 type bluetooth_a2dp_offload_prop, property_type;
+type bluetooth_audio_hal_prop, property_type;
 type bluetooth_prop, property_type;
 type bpf_progs_loaded_prop, property_type;
 type bootloader_boot_reason_prop, property_type;
@@ -351,6 +352,7 @@ compatible_property_only(`
     -apexd_prop
     -audio_prop
     -bluetooth_a2dp_offload_prop
+    -bluetooth_audio_hal_prop
     -bluetooth_prop
     -bootloader_boot_reason_prop
     -boottime_prop

public/property_contexts

@@ -72,6 +72,7 @@ media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
 media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool
 persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
 persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
 persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
 persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
 persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int

public/vendor_init.te

@@ -213,6 +213,7 @@ not_compatible_property(`
 allow vendor_init file_contexts_file:file r_file_perms;
 
 set_prop(vendor_init, bluetooth_a2dp_offload_prop)
+set_prop(vendor_init, bluetooth_audio_hal_prop)
 set_prop(vendor_init, cpu_variant_prop)
 set_prop(vendor_init, debug_prop)
 set_prop(vendor_init, exported_audio_prop)