Allow devices that use HIDL to find AIDL radio_ext_service

Move the type to a common sepolicy so it can be shared. avc: denied { find } for pid=6493 uid=10256 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c0,c257,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0 NO_AVC_EVIDENCE_CHECK=default_android_service not supported Bug: 365099058 Test: manual Flag: EXEMPT mk file Change-Id: I9c2471792c2a423e19f1472bd7923a5284f9127e
2024-09-10 15:15:29 +08:00 · 2024-09-10 15:15:29 +08:00 · 1331d97c92
commit 1331d97c92
parent ab39c35ee2
9 changed files with 10 additions and 6 deletions
--- a/gril/aidl/2.0/gril_aidl.mk
+++ b/gril/aidl/2.0/gril_aidl.mk
@ -1,3 +1,4 @@
 PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
 DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/aidl/2.0/compatibility_matrix.xml
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/aidl/2.0/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
--- a/gril/aidl/2.0/sepolicy/grilservice_app.te
+++ b/gril/aidl/2.0/sepolicy/grilservice_app.te
@ -1,4 +1,4 @@
-# allow grilservice_app to find hal_aidl_radio_ext_service
-allow grilservice_app hal_aidl_radio_ext_service:service_manager find;
+# allow grilservice_app to find hal_radio_ext_service
+allow grilservice_app hal_radio_ext_service:service_manager find;
 binder_call(grilservice_app, hal_aidl_radio_ext)
 binder_call(grilservice_app, twoshay)
--- a/gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te
+++ b/gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te
@ -12,7 +12,7 @@ binder_call(hal_aidl_radio_ext, servicemanager)
 binder_call(hal_aidl_radio_ext, grilservice_app)
 binder_call(hal_aidl_radio_ext, hal_bluetooth_btlinux)

-add_service(hal_aidl_radio_ext, hal_aidl_radio_ext_service)
+add_service(hal_aidl_radio_ext, hal_radio_ext_service)

 # RW /dev/oem_ipc0
 allow hal_aidl_radio_ext radio_device:chr_file rw_file_perms;
--- a/gril/aidl/2.0/sepolicy/service.te
+++ b/gril/aidl/2.0/sepolicy/service.te
@ -1,2 +0,0 @@
-# Radio Ext AIDL service
-type hal_aidl_radio_ext_service, hal_service_type, protected_service, service_manager_type;
--- a/modem/radio_ext/sepolicy/service.te
+++ b/modem/radio_ext/sepolicy/service.te
@ -1,2 +1,3 @@
 # Radio Ext AIDL service
+# Shared definition so a single type is referenced
 type hal_radio_ext_service, hal_service_type, protected_service, service_manager_type;
--- a/gril/aidl/2.0/sepolicy/service_contexts
+++ b/gril/aidl/2.0/sepolicy/service_contexts
@ -1 +1 @@
-vendor.google.radio_ext.IRadioExt/default                 u:object_r:hal_aidl_radio_ext_service:s0
+vendor.google.radio_ext.IRadioExt/default                 u:object_r:hal_radio_ext_service:s0
--- a/gril/hidl/1.7/gril_hidl.mk
+++ b/gril/hidl/1.7/gril_hidl.mk
@ -1,3 +1,4 @@
 PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
 DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/hidl/1.7/compatibility_matrix.xml
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/hidl/1.7/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
--- a/gril/hidl/1.7/sepolicy/grilservice_app.te
+++ b/gril/hidl/1.7/sepolicy/grilservice_app.te
@ -1,2 +1,4 @@
+# allow grilservice_app to find hal_radio_ext_service
+allow grilservice_app hal_radio_ext_service:service_manager find;
 # allow grilservice_app to binder call hal_radioext_default
 binder_call(grilservice_app, hal_radioext_default)
--- a/modem/radio_ext/radio_ext.mk
+++ b/modem/radio_ext/radio_ext.mk
@ -3,3 +3,4 @@ PRODUCT_PACKAGES += vendor.google.radio_ext-service
 DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/radio_ext/compatibility_matrix.xml

 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/radio_ext/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy