From af064374554a86cb6a53ba2f924e00d9f9fe240e Mon Sep 17 00:00:00 2001
From: Alan Chen
Date: Fri, 23 Feb 2024 12:40:47 +0800
Subject: [PATCH] Allow gril to access radioext-aidl Selinux logs fixed: auditd : avc: denied { find } for pid=2251 uid=10246 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c246,c256,c512,c768 tcontext=u:object_r:hal_radio_ext_service:s0 tclass=service_manager permissive=0 auditd : type=1400 audit(0.0:24): avc: denied { call } for comm="oid.grilservice" scontext=u:r:grilservice_app:s0:c246,c256,c512,c768 tcontext=u:r:hal_radio_ext:s0 tclass=binder permissive=0 app=com.google.android.grilservice Bug: 322125172 Test: the two selinux logs do not appear and no errors when gril calls radioext-aidl Change-Id: Iec490afe4fbfd276ecda592fa20ac871f086c5f0
---
caiman/grilservice_app.te | 2 ++
komodo/grilservice_app.te | 2 ++
tokay/grilservice_app.te | 2 ++
3 files changed, 6 insertions(+)
create mode 100644 caiman/grilservice_app.te
create mode 100644 komodo/grilservice_app.te
create mode 100644 tokay/grilservice_app.te
diff --git a/caiman/grilservice_app.te b/caiman/grilservice_app.te
new file mode 100644
index 00000000..9bd8c8e7
--- /dev/null
+++ b/caiman/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)
diff --git a/komodo/grilservice_app.te b/komodo/grilservice_app.te
new file mode 100644
index 00000000..9bd8c8e7
--- /dev/null
+++ b/komodo/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)
diff --git a/tokay/grilservice_app.te b/tokay/grilservice_app.te
new file mode 100644
index 00000000..9bd8c8e7
--- /dev/null
+++ b/tokay/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)
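Review bot: The two rules added in caiman/grilservice_app.te carry no comment tying them to the denials they resolve, and the same pair is copied verbatim into komodo/grilservice_app.te and tokay/grilservice_app.te. I would add a header comment in each file such as `# b/322125172: grilservice_app needs to find and call the RadioExt AIDL HAL`, so a later policy audit can tell why this app domain may reach the HAL. `binder_call(grilservice_app, hal_radio_ext)` is also broader than the single `{ call }` denial quoted in the commit message: the macro additionally allows binder `transfer` in both directions and use of file descriptors passed from hal_radio_ext, which is usually intended but worth confirming for this client. Because the three files are identical, any later tightening has to be made three times; if the tree has a policy directory shared by these devices (not visible in this patch), placing the rules there would avoid drift.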