Evolution-X-Tensor/device_google_gs101
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow telephony to access the file descriptor of the priv_apps tcp_socket

Browse source 
The priv_apps could register for QOS notifications for its tcp_socket.
This change allows telephony to access the file descriptor for the
tcp_socket so it could double check the source and destination address
of the socket when the QOS indication is received from modem.

This addresses the following SE policy denial
auditd  : type=1400 audit(0.0:219): avc: denied { read write } for
comm="ConnectivitySer" path="socket:[98511]" dev="sockfs" ino=98511
scontext=u:r:radio:s0 tcontext=u:r:priv_app:s0:c512,c768 tclass=tcp_socket
permissive=0

Bug: 190580419
Test: Manual
Change-Id: I35d4e1fb06242eb5fcbcb36439a55c11166b149b
This commit is contained in:
Jayachandran C 2021-06-11 17:13:38 -07:00 committed by Jayachandran Chinnakkannu
parent e5c8613686
commit 5492a92a39
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
whitechapel/vendor/google/radio.te vendored
View file

@ -1,3 +1,7 @@
allow radio hal_exynos_rild_hwservice:hwservice_manager find;
allow radio sysfs_vendor_sched:dir r_dir_perms;
allow radio sysfs_vendor_sched:file w_file_perms;
# Allow telephony to access file descriptor of the QOS socket
# so it can make sure the QOS is meant for the intended addresses
allow radio priv_app:tcp_socket { read write };