From 3c46d2ff9c30c16d03f02b463d381494e3047e13 Mon Sep 17 00:00:00 2001
From: Philip Cuadra <philipcuadra@google.com>
Date: Thu, 23 Mar 2017 10:03:49 -0700
Subject: [PATCH] Allow Bluetooth sys_nice and system_server setsched for
 Bluetooth HAL

Bluetooth needs the capability to set audio-related threads to be RT
scheduled.  Grant it sys_nice.

system_server needs to set priority for the Bluetooth HAL.  Allow it.

Bug 37518404
Test:  Play Bluetooth audio, confirm RT scheduling with systrace
Merged-In: Iaf7b85a11a51883744d72a50addfd320b6fbbc2f
Change-Id: Iaf7b85a11a51883744d72a50addfd320b6fbbc2f

(cherry picked from commit 6eee6eb2c06ea812d43d8d617d10f3ef009a1a57)
---
 private/bluetooth.te     | 7 +++++--
 private/system_server.te | 1 +
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/private/bluetooth.te b/private/bluetooth.te
index da05cc246..1c0e14fb2 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -57,6 +57,9 @@ allow bluetooth system_api_service:service_manager find;
 # /data/data/com.android.shell/files/bugreports/bugreport-*.
 allow bluetooth shell_data_file:file read;
 
+# Bluetooth audio needs RT scheduling to meet deadlines, allow sys_nice
+allow bluetooth self:capability sys_nice;
+
 hal_client_domain(bluetooth, hal_bluetooth)
 hal_client_domain(bluetooth, hal_telephony)
 
@@ -69,6 +72,6 @@ read_runtime_log_tags(bluetooth)
 ###
 
 # Superuser capabilities.
-# bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend.
-neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service };
+# Bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend and sys_nice.
+neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service sys_nice};
 neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };
diff --git a/private/system_server.te b/private/system_server.te
index afca1f6ed..c4d17ef99 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -98,6 +98,7 @@ allow system_server appdomain:process { sigkill signal };
 allow system_server appdomain:process { getsched setsched };
 allow system_server audioserver:process { getsched setsched };
 allow system_server hal_audio:process { getsched setsched };
+allow system_server hal_bluetooth:process { getsched setsched };
 allow system_server cameraserver:process { getsched setsched };
 allow system_server hal_camera:process { getsched setsched };
 allow system_server mediaserver:process { getsched setsched };
-- 
GitLab