From 1331d97c929bb3b64b3a07271ad0f2aa9693bace Mon Sep 17 00:00:00 2001
From: cey
Date: Tue, 10 Sep 2024 15:15:29 +0800
Subject: [PATCH] Allow devices that use HIDL to find AIDL radio_ext_service
Move the type to a common sepolicy so it can be shared. avc: denied { find } for pid=6493 uid=10256 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c0,c257,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0 NO_AVC_EVIDENCE_CHECK=default_android_service not supported
Bug: 365099058
Test: manual
Flag: EXEMPT mk file
Change-Id: I9c2471792c2a423e19f1472bd7923a5284f9127e
---
 gril/aidl/2.0/gril_aidl.mk | 1 +
 gril/aidl/2.0/sepolicy/grilservice_app.te | 4 ++--
 gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te | 2 +-
 gril/aidl/2.0/sepolicy/service.te | 2 --
 {modem/radio_ext => gril/common}/sepolicy/service.te | 1 +
 gril/{aidl/2.0 => common}/sepolicy/service_contexts | 2 +-
 gril/hidl/1.7/gril_hidl.mk | 1 +
 gril/hidl/1.7/sepolicy/grilservice_app.te | 2 ++
 modem/radio_ext/radio_ext.mk | 1 +
 9 files changed, 10 insertions(+), 6 deletions(-)
 delete mode 100644 gril/aidl/2.0/sepolicy/service.te
 rename {modem/radio_ext => gril/common}/sepolicy/service.te (68%)
 rename gril/{aidl/2.0 => common}/sepolicy/service_contexts (64%)
diff --git a/gril/aidl/2.0/gril_aidl.mk b/gril/aidl/2.0/gril_aidl.mk
index b7d5133..d4fa9e9 100644
--- a/gril/aidl/2.0/gril_aidl.mk
+++ b/gril/aidl/2.0/gril_aidl.mk
@@ -1,3 +1,4 @@
 PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
 DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/aidl/2.0/compatibility_matrix.xml
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/aidl/2.0/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
diff --git a/gril/aidl/2.0/sepolicy/grilservice_app.te b/gril/aidl/2.0/sepolicy/grilservice_app.te
index 8f49afa..812c8a2 100644
--- a/gril/aidl/2.0/sepolicy/grilservice_app.te
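Review bot: The added `BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy` in gril_aidl.mk carries no comment saying why this makefile needs the shared directory, and the identical line is also added in gril_hidl.mk and modem/radio_ext/radio_ext.mk. A product that inherits more than one of these makefiles will list the directory more than once; presumably the policy build tolerates that, but it is worth confirming, because the directory declares `type hal_radio_ext_service`. Suggested comment above each of the three lines: `# Shared hal_radio_ext_service type and service_contexts entry; also added by the other gril/radio_ext makefiles`.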
+++ b/gril/aidl/2.0/sepolicy/grilservice_app.te
@@ -1,4 +1,4 @@
-# allow grilservice_app to find hal_aidl_radio_ext_service
-allow grilservice_app hal_aidl_radio_ext_service:service_manager find;
+# allow grilservice_app to find hal_radio_ext_service
+allow grilservice_app hal_radio_ext_service:service_manager find;
 binder_call(grilservice_app, hal_aidl_radio_ext)
 binder_call(grilservice_app, twoshay)
diff --git a/gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te b/gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te
index ad6c86b..68dd397 100644
--- a/gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te
+++ b/gril/aidl/2.0/sepolicy/hal_aidl_radio_ext.te
@@ -12,7 +12,7 @@ binder_call(hal_aidl_radio_ext, servicemanager)
 binder_call(hal_aidl_radio_ext, grilservice_app)
 binder_call(hal_aidl_radio_ext, hal_bluetooth_btlinux)
-add_service(hal_aidl_radio_ext, hal_aidl_radio_ext_service)
+add_service(hal_aidl_radio_ext, hal_radio_ext_service)
 # RW /dev/oem_ipc0
 allow hal_aidl_radio_ext radio_device:chr_file rw_file_perms;
diff --git a/gril/aidl/2.0/sepolicy/service.te b/gril/aidl/2.0/sepolicy/service.te
deleted file mode 100644
index 24aa71e..0000000
--- a/gril/aidl/2.0/sepolicy/service.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# Radio Ext AIDL service
-type hal_aidl_radio_ext_service, hal_service_type, protected_service, service_manager_type;
diff --git a/modem/radio_ext/sepolicy/service.te b/gril/common/sepolicy/service.te
similarity index 68%
rename from modem/radio_ext/sepolicy/service.te
rename to gril/common/sepolicy/service.te
index 7288ef1..ee6fb77 100644
--- a/modem/radio_ext/sepolicy/service.te
+++ b/gril/common/sepolicy/service.te
@@ -1,2 +1,3 @@
 # Radio Ext AIDL service
+# Shared definition so a single type is referenced
 type hal_radio_ext_service, hal_service_type, protected_service, service_manager_type;
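Review bot: In hal_aidl_radio_ext.te, `add_service(hal_aidl_radio_ext, hal_radio_ext_service)` now registers under the type that used to be declared in modem/radio_ext/sepolicy, and nothing at the rule says the type is shared. The AOSP `add_service` macro also emits a neverallow that limits `add` on the type to the named domain, so if the modem/radio_ext policy (not shown in this patch) uses `add_service` on the same type, a product that includes both policies should fail the neverallow check at build time. A comment above the rule would record that constraint: `# hal_radio_ext_service is shared with modem/radio_ext; only one registering domain may be built into a product`. The file starts before this hunk and may continue after it.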
diff --git a/gril/aidl/2.0/sepolicy/service_contexts b/gril/common/sepolicy/service_contexts
similarity index 64%
rename from gril/aidl/2.0/sepolicy/service_contexts
rename to gril/common/sepolicy/service_contexts
index 7b96182..7e50c2e 100644
--- a/gril/aidl/2.0/sepolicy/service_contexts
+++ b/gril/common/sepolicy/service_contexts
@@ -1 +1 @@
-vendor.google.radio_ext.IRadioExt/default u:object_r:hal_aidl_radio_ext_service:s0
+vendor.google.radio_ext.IRadioExt/default u:object_r:hal_radio_ext_service:s0
diff --git a/gril/hidl/1.7/gril_hidl.mk b/gril/hidl/1.7/gril_hidl.mk
index fcd5ef8..0008a5d 100644
--- a/gril/hidl/1.7/gril_hidl.mk
+++ b/gril/hidl/1.7/gril_hidl.mk
@@ -1,3 +1,4 @@
 PRODUCT_PACKAGES += vendor.google.radioext@1.0-service
 DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/gril/hidl/1.7/compatibility_matrix.xml
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/hidl/1.7/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
diff --git a/gril/hidl/1.7/sepolicy/grilservice_app.te b/gril/hidl/1.7/sepolicy/grilservice_app.te
index 43da795..3a170b8 100644
--- a/gril/hidl/1.7/sepolicy/grilservice_app.te
+++ b/gril/hidl/1.7/sepolicy/grilservice_app.te
@@ -1,2 +1,4 @@
+# allow grilservice_app to find hal_radio_ext_service
+allow grilservice_app hal_radio_ext_service:service_manager find;
 # allow grilservice_app to binder call hal_radioext_default
 binder_call(grilservice_app, hal_radioext_default)
diff --git a/modem/radio_ext/radio_ext.mk b/modem/radio_ext/radio_ext.mk
index 6750fdd..1df3bcc 100644
--- a/modem/radio_ext/radio_ext.mk
+++ b/modem/radio_ext/radio_ext.mk
@@ -3,3 +3,4 @@ PRODUCT_PACKAGES += vendor.google.radio_ext-service
 DEVICE_PRODUCT_COMPATIBILITY_MATRIX_FILE += device/google/gs-common/modem/radio_ext/compatibility_matrix.xml
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/modem/radio_ext/sepolicy
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gril/common/sepolicy
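Review bot: The new `allow grilservice_app hal_radio_ext_service:service_manager find;` in gril/hidl/1.7/sepolicy/grilservice_app.te lets the app look the service up, but the only binder rule in this file is still `binder_call(grilservice_app, hal_radioext_default)`. If the process that registers `vendor.google.radio_ext.IRadioExt/default` on these devices runs in a different domain, the first transaction after a successful find would still be denied unless another policy directory grants it, which this patch does not show. Since the test is manual, it would help to confirm the log is clean of binder `call`/`transfer` denials for grilservice_app after the lookup, and to name the serving domain in the comment, e.g. `# AIDL radio_ext service lookup on HIDL devices; binder access to the serving domain is granted in <policy file>`.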