From 3d127f922415d92ca4554f7a483115b4cd5222e8 Mon Sep 17 00:00:00 2001 From: jznpark Date: Mon, 26 Apr 2021 12:38:31 +0900 Subject: [PATCH] [RCS] Add sepolicy for RCS as non-system app As shannon-rcs has been changed from system app to non-system app, sepolicy has to be updated. Bug: 186135775 Bug: 189707387 Test: sanity test Signed-off-by: jznpark Change-Id: I32cce90611c619494136a6b1d01b3fb48330d169 --- tracking_denials/vendor_rcs_app.te | 3 +++ whitechapel/vendor/google/property.te | 1 + whitechapel/vendor/google/rild.te | 1 + whitechapel/vendor/google/seapp_contexts | 2 ++ whitechapel/vendor/google/vendor_init.te | 1 + whitechapel/vendor/google/vendor_rcs_app.te | 18 ++++++++++++++++++ 6 files changed, 26 insertions(+) create mode 100644 tracking_denials/vendor_rcs_app.te create mode 100644 whitechapel/vendor/google/vendor_rcs_app.te
diff --git a/tracking_denials/vendor_rcs_app.te b/tracking_denials/vendor_rcs_app.te
new file mode 100644
index 00000000..4fdde216
--- /dev/null
+++ b/tracking_denials/vendor_rcs_app.te
@@ -0,0 +1,3 @@
+# b/183935382
+dontaudit vendor_rcs_app default_prop:file { read };
+dontaudit vendor_rcs_app default_prop:file { read };
diff --git a/whitechapel/vendor/google/property.te b/whitechapel/vendor/google/property.te
index f1e377f0..f540c88a 100644
--- a/whitechapel/vendor/google/property.te
+++ b/whitechapel/vendor/google/property.te
@@ -1,6 +1,7 @@
 # For Exynos Properties
 vendor_internal_prop(vendor_prop)
 vendor_internal_prop(vendor_ims_prop)
+vendor_internal_prop(vendor_rcs_prop)
 vendor_internal_prop(vendor_rild_prop)
 vendor_internal_prop(vendor_slog_prop)
 vendor_internal_prop(sensors_prop)
diff --git a/whitechapel/vendor/google/rild.te b/whitechapel/vendor/google/rild.te
index 5dab0eff..a39ab520 100644
--- a/whitechapel/vendor/google/rild.te
+++ b/whitechapel/vendor/google/rild.te
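Review bot: The two `dontaudit vendor_rcs_app default_prop:file { read };` lines in tracking_denials/vendor_rcs_app.te are identical, so the second one has no effect. Either drop it, or, if a different permission or target type was meant (the patch does not show which), replace it with that rule. Since `dontaudit` also removes the denial from the audit log, the `# b/183935382` comment could name the property lookup that hits `default_prop`, so the suppression can be removed once that property gets a proper label.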
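Review bot: `vendor_internal_prop(vendor_rcs_prop)` in property.te declares a type that nothing in this patch attaches to a property name. The diffstat lists no property_contexts change, and vendor_rcs_app.te grants the new domain neither `get_prop` nor `set_prop` on it. Only `set_prop(vendor_init, vendor_rcs_prop)` in the vendor_init.te hunk refers to the type, so unless the mapping exists elsewhere the RCS properties keep whatever label they have today, possibly the `default_prop` whose reads are being suppressed in tracking_denials. Consider adding the property_contexts entry and `get_prop(vendor_rcs_app, vendor_rcs_prop)` in this change, or a comment saying which follow-up adds them.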
@@ -24,6 +24,7 @@ binder_call(rild, hal_secure_element_default)
 binder_call(rild, platform_app)
 binder_call(rild, modem_svc_sit)
 binder_call(rild, vendor_ims_app)
+binder_call(rild, vendor_rcs_app)
 
 # for hal service
 add_hwservice(rild, hal_exynos_rild_hwservice)
diff --git a/whitechapel/vendor/google/seapp_contexts b/whitechapel/vendor/google/seapp_contexts
index fbf19390..a6692190 100644
--- a/whitechapel/vendor/google/seapp_contexts
+++ b/whitechapel/vendor/google/seapp_contexts
@@ -9,6 +9,8 @@ user=system seinfo=platform name=com.samsung.slsi.telephony.networktestmode doma
 # Samsung S.LSI IMS
 user=_app isPrivApp=true name=com.shannon.imsservice domain=vendor_ims_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.imsservice:remote domain=vendor_ims_app levelFrom=all
+user=_app isPrivApp=true name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all
+user=_app isPrivApp=true name=com.shannon.rcsservice:remote domain=vendor_rcs_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_ims_app levelFrom=all
 
 # coredump/ramdump
diff --git a/whitechapel/vendor/google/vendor_init.te b/whitechapel/vendor/google/vendor_init.te
index dedeaa7e..5a86aded 100644
--- a/whitechapel/vendor/google/vendor_init.te
+++ b/whitechapel/vendor/google/vendor_init.te
@@ -6,6 +6,7 @@ set_prop(vendor_init, vendor_usb_config_prop)
 set_prop(vendor_init, vendor_slog_prop)
 set_prop(vendor_init, vendor_sys_default_prop)
 set_prop(vendor_init, vendor_ims_prop)
+set_prop(vendor_init, vendor_rcs_prop)
 set_prop(vendor_init, vendor_ssrdump_prop)
 set_prop(vendor_init, vendor_ro_config_default_prop)
 get_prop(vendor_init, vendor_touchpanel_prop)
diff --git a/whitechapel/vendor/google/vendor_rcs_app.te b/whitechapel/vendor/google/vendor_rcs_app.te
new file mode 100644
index 00000000..292c95ee
--- /dev/null
+++ b/whitechapel/vendor/google/vendor_rcs_app.te
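Review bot: In seapp_contexts, the two new `com.shannon.rcsservice` entries select `vendor_rcs_app` by `name=` and `isPrivApp=true` alone, with no `seinfo=` selector, so the domain is not tied to a signer tag from mac_permissions.xml. This matches the existing `com.shannon.imsservice` lines, and the priv-app requirement narrows which packages can match, but the commit message says the app is no longer a system app, which is when signer pinning is most useful. If a signer tag exists for this package, add it to both lines, e.g. `user=_app isPrivApp=true seinfo=<rcs-signer-tag> name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all` (placeholder tag). Otherwise add a comment saying why name-only matching is acceptable here.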
@@ -0,0 +1,18 @@
+type vendor_rcs_app, domain;
+app_domain(vendor_rcs_app)
+net_domain(vendor_rcs_app)
+
+allow vendor_rcs_app app_api_service:service_manager find;
+allow vendor_rcs_app audioserver_service:service_manager find;
+allow vendor_rcs_app radio_service:service_manager find;
+allow vendor_rcs_app mediaserver_service:service_manager find;
+allow vendor_rcs_app cameraserver_service:service_manager find;
+
+allow vendor_rcs_app privapp_data_file:dir create_dir_perms;
+allow vendor_rcs_app privapp_data_file:file create_file_perms;
+
+allow vendor_rcs_app hal_exynos_rild_hwservice:hwservice_manager find;
+
+binder_call(vendor_rcs_app, rild)
+set_prop(vendor_rcs_app, vendor_rild_prop)
+set_prop(vendor_rcs_app, radio_prop)
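Review bot: `set_prop(vendor_rcs_app, radio_prop)` on the last line gives write access to a platform radio property type to an app the commit message describes as no longer a system app, and nothing in the file says which property it needs to write. If the app only reads these values, `get_prop(vendor_rcs_app, radio_prop)` would be the narrower grant; the same question applies to `set_prop(vendor_rcs_app, vendor_rild_prop)` on the line above. The `find` rules for `cameraserver_service`, `audioserver_service` and `mediaserver_service` are also unexplained. A one-line comment per group naming the feature or denial that needs it, such as `# RCS video share: <denial or bug reference>`, would let a later reviewer remove what turns out to be unused. The "Test: sanity test" trailer does not say whether each rule was derived from an observed denial.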