Merge "[RCS] Add sepolicy for RCS as non-system app" into sc-dev

2021-06-04 06:22:03 +00:00 · 2021-06-04 06:22:03 +00:00 · be1f56dba1
commit be1f56dba1
parent 729e8901ab 3d127f9224
6 changed files with 26 additions and 0 deletions
--- a/tracking_denials/vendor_rcs_app.te
+++ b/tracking_denials/vendor_rcs_app.te
@ -0,0 +1,3 @@
 # b/183935382
 dontaudit vendor_rcs_app default_prop:file { read };
 dontaudit vendor_rcs_app default_prop:file { read };
--- a/whitechapel/vendor/google/property.te
+++ b/whitechapel/vendor/google/property.te
@ -1,6 +1,7 @@
 # For Exynos Properties
 vendor_internal_prop(vendor_prop)
 vendor_internal_prop(vendor_ims_prop)
 vendor_internal_prop(vendor_rcs_prop)
 vendor_internal_prop(vendor_rild_prop)
 vendor_internal_prop(vendor_slog_prop)
 vendor_internal_prop(sensors_prop)
--- a/whitechapel/vendor/google/rild.te
+++ b/whitechapel/vendor/google/rild.te
@ -24,6 +24,7 @@ binder_call(rild, hal_secure_element_default)
 binder_call(rild, platform_app)
 binder_call(rild, modem_svc_sit)
 binder_call(rild, vendor_ims_app)
 binder_call(rild, vendor_rcs_app)
 # for hal service
 add_hwservice(rild, hal_exynos_rild_hwservice)
--- a/whitechapel/vendor/google/seapp_contexts
+++ b/whitechapel/vendor/google/seapp_contexts
@ -9,6 +9,8 @@ user=system seinfo=platform name=com.samsung.slsi.telephony.networktestmode doma
 # Samsung S.LSI IMS
 user=_app isPrivApp=true name=com.shannon.imsservice domain=vendor_ims_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.imsservice:remote domain=vendor_ims_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.rcsservice:remote domain=vendor_rcs_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_ims_app levelFrom=all
 # coredump/ramdump
--- a/whitechapel/vendor/google/vendor_init.te
+++ b/whitechapel/vendor/google/vendor_init.te
@ -6,6 +6,7 @@ set_prop(vendor_init, vendor_usb_config_prop)
 set_prop(vendor_init, vendor_slog_prop)
 set_prop(vendor_init, vendor_sys_default_prop)
 set_prop(vendor_init, vendor_ims_prop)
 set_prop(vendor_init, vendor_rcs_prop)
 set_prop(vendor_init, vendor_ssrdump_prop)
 set_prop(vendor_init, vendor_ro_config_default_prop)
 get_prop(vendor_init, vendor_touchpanel_prop)
--- a/whitechapel/vendor/google/vendor_rcs_app.te
+++ b/whitechapel/vendor/google/vendor_rcs_app.te
@ -0,0 +1,18 @@
 type vendor_rcs_app, domain;
 app_domain(vendor_rcs_app)
 net_domain(vendor_rcs_app)
 allow vendor_rcs_app app_api_service:service_manager find;
 allow vendor_rcs_app audioserver_service:service_manager find;
 allow vendor_rcs_app radio_service:service_manager find;
 allow vendor_rcs_app mediaserver_service:service_manager find;
 allow vendor_rcs_app cameraserver_service:service_manager find;
 allow vendor_rcs_app privapp_data_file:dir create_dir_perms;
 allow vendor_rcs_app privapp_data_file:file create_file_perms;
 allow vendor_rcs_app hal_exynos_rild_hwservice:hwservice_manager find;
 binder_call(vendor_rcs_app, rild)
 set_prop(vendor_rcs_app, vendor_rild_prop)
 set_prop(vendor_rcs_app, radio_prop)