From 186040a5e9f844cc77d01f6be6e42c5da01c7cd5 Mon Sep 17 00:00:00 2001
From: neoyu <neoyu@google.com>
Date: Mon, 27 Dec 2021 11:58:19 +0800
Subject: [PATCH] Fix SELinux errors for vendor_ims_app

avc:  denied  { find } for pid=1813 uid=10213 name=isub scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1
avc: denied { call } for scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { transfer } for comm="nnon.imsservice" scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { transfer } for scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { call } for comm="nnon.imsservice" scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice
avc: denied { call } for comm="ImsConnectivity" scontext=u:r:vendor_ims_app:s0:c213,c256,c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.shannon.imsservice

Bug: 205780067
Bug: 205904439
Test: manual
Change-Id: I50b0861994f19801068a2559ac35521095a18339
---
 tracking_denials/vendor_ims_app.te | 5 -----
 whitechapel_pro/vendor_ims_app.te  | 3 +++
 2 files changed, 3 insertions(+), 5 deletions(-)
 delete mode 100644 tracking_denials/vendor_ims_app.te

diff --git a/tracking_denials/vendor_ims_app.te b/tracking_denials/vendor_ims_app.te
deleted file mode 100644
index 9ef9ca82..00000000
--- a/tracking_denials/vendor_ims_app.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/205780067
-dontaudit vendor_ims_app radio_service:service_manager { find };
-# b/205904439
-dontaudit vendor_ims_app rild:binder { call };
-dontaudit vendor_ims_app rild:binder { transfer };
diff --git a/whitechapel_pro/vendor_ims_app.te b/whitechapel_pro/vendor_ims_app.te
index bdbba20d..9325a2b7 100644
--- a/whitechapel_pro/vendor_ims_app.te
+++ b/whitechapel_pro/vendor_ims_app.te
@@ -3,3 +3,6 @@ app_domain(vendor_ims_app)
 
 allow vendor_ims_app app_api_service:service_manager find;
 allow vendor_ims_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow vendor_ims_app radio_service:service_manager find;
+
+binder_call(vendor_ims_app, rild)