label oemrilservice_app and grant relevant permission

11-15 11:32:41.059 442 442 E SELinux : avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:oemrilservice_app:s0:c195,c256,c512,c768 pid=1866 scontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=1 11-15 11:32:41.060 1013 1013 I rild_exynos: type=1400 audit(0.0:5): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tclass=binder permissive=1 11-15 11:32:41.368 1013 1013 I rild_exynos: type=1400 audit(0.0:6): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tclass=binder permissive=1 11-15 11:32:41.890 441 441 E SELinux : avc: denied { find } for pid=1866 uid=10195 name=isub scontext=u:r:oemrilservice_app:s0:c195,c256,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=1 Bug: 205904553 Bug: 205073117 Bug: 204718782 Bug: 205904441 Test: boot with no relevant error log Change-Id: I258aa58b4d3c95b901405e9181138c0d68c2b154
2021-11-15 11:36:24 +08:00 · 2021-11-15 11:36:24 +08:00 · 2ef225b9c5
commit 2ef225b9c5
parent 94f78934d9
5 changed files with 10 additions and 10 deletions
--- a/tracking_denials/priv_app.te
+++ b/tracking_denials/priv_app.te
@ -1,9 +0,0 @@
-# b/204718782
-dontaudit priv_app hal_exynos_rild_hwservice:hwservice_manager { find };
-# b/205073117
-dontaudit priv_app vendor_default_prop:file { getattr };
-dontaudit priv_app vendor_default_prop:file { map };
-dontaudit priv_app vendor_default_prop:file { open };
-# b/205904553
-dontaudit priv_app rild:binder { call };
-dontaudit priv_app rild:binder { transfer };
--- a/tracking_denials/rild.te
+++ b/tracking_denials/rild.te
@ -6,6 +6,5 @@ dontaudit rild vendor_persist_config_default_prop:file { open };
 dontaudit rild vendor_persist_config_default_prop:file { read };
 # b/205904441
 dontaudit rild hal_secure_element_uicc:binder { call };
-dontaudit rild priv_app:binder { call };
 dontaudit rild vendor_ims_app:binder { call };
 dontaudit rild vendor_rcs_app:binder { call };
--- a/whitechapel_pro/oemrilservice_app.te
+++ b/whitechapel_pro/oemrilservice_app.te
@ -0,0 +1,8 @@
+type oemrilservice_app, domain;
+app_domain(oemrilservice_app)
+
+allow oemrilservice_app app_api_service:service_manager find;
+allow oemrilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow oemrilservice_app radio_service:service_manager find;
+
+binder_call(oemrilservice_app, rild)
--- a/whitechapel_pro/rild.te
+++ b/whitechapel_pro/rild.te
@ -18,6 +18,7 @@ binder_call(rild, bipchmgr)
 binder_call(rild, gpsd)
 binder_call(rild, hal_audio_default)
 binder_call(rild, modem_svc_sit)
+binder_call(rild, oemrilservice_app)

 # for hal service
 add_hwservice(rild, hal_exynos_rild_hwservice)
--- a/whitechapel_pro/seapp_contexts
+++ b/whitechapel_pro/seapp_contexts
@ -4,6 +4,7 @@ user=_app isPrivApp=true name=com.shannon.imsservice:remote domain=vendor_ims_re
 user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_qualifiednetworks_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all
 user=_app isPrivApp=true name=com.shannon.rcsservice:shannonrcsservice domain=vendor_rcs_service_app levelFrom=all
+user=_app isPrivApp=true name=com.samsung.slsi.telephony.oemril domain=oemrilservice_app levelFrom=all

 # Hardware Info Collection
 user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user