From 94d7f6cce6e8a19dd23966cefc603b4bbc689216 Mon Sep 17 00:00:00 2001
From: Jinting Lin <jintinglin@google.com>
Date: Tue, 1 Mar 2022 12:00:15 +0000
Subject: [PATCH] Fix avc denied for slsi engineermode app

log:
avc: denied  { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:platform_app:s0:c512,c768 pid=5111 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { call } for comm="si.engineermode" scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=0 app=com.samsung.slsi.engineermode
avc: denied { call } for comm="HwBinder:1016_1" scontext=u:r:rild:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=binder permissive=0
avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=154 scontext=u:r:vendor_engineermode_app:s0:c225,c256,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 app=com.samsung.slsi.engineermode

Test: side load the trail build sepolicy, then check the app

Bug: 221482792
Change-Id: I84768ed128a2b8c57d6a3e0a0f0aa8c4d4b91857
---
 whitechapel_pro/rild.te                    |  1 +
 whitechapel_pro/seapp_contexts             |  3 +++
 whitechapel_pro/vendor_engineermode_app.te | 12 ++++++++++++
 3 files changed, 16 insertions(+)
 create mode 100644 whitechapel_pro/vendor_engineermode_app.te

diff --git a/whitechapel_pro/rild.te b/whitechapel_pro/rild.te
index 89ed610d..d8c8c290 100644
--- a/whitechapel_pro/rild.te
+++ b/whitechapel_pro/rild.te
@@ -25,6 +25,7 @@ binder_call(rild, vendor_rcs_app)
 binder_call(rild, oemrilservice_app)
 binder_call(rild, hal_secure_element_uicc)
 binder_call(rild, grilservice_app)
+binder_call(rild, vendor_engineermode_app)
 
 # for hal service
 add_hwservice(rild, hal_exynos_rild_hwservice)
diff --git a/whitechapel_pro/seapp_contexts b/whitechapel_pro/seapp_contexts
index 81577b60..88789fc7 100644
--- a/whitechapel_pro/seapp_contexts
+++ b/whitechapel_pro/seapp_contexts
@@ -14,6 +14,9 @@ user=system seinfo=platform name=com.samsung.slsi.telephony.uartswitch domain=ve
 user=system seinfo=platform name=com.samsung.slsi.sysdebugmode domain=vendor_telephony_debug_app levelFrom=all
 user=system seinfo=platform name=com.samsung.slsi.telephony.networktestmode domain=vendor_telephony_network_test_app levelFrom=all
 
+# Samsung S.LSI engineer mode
+user=_app seinfo=platform name=com.samsung.slsi.engineermode domain=vendor_engineermode_app levelFrom=all
+
 # Hardware Info Collection
 user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user
 
diff --git a/whitechapel_pro/vendor_engineermode_app.te b/whitechapel_pro/vendor_engineermode_app.te
new file mode 100644
index 00000000..d35403a2
--- /dev/null
+++ b/whitechapel_pro/vendor_engineermode_app.te
@@ -0,0 +1,12 @@
+type vendor_engineermode_app, domain;
+app_domain(vendor_engineermode_app)
+
+binder_call(vendor_engineermode_app, rild)
+
+allow vendor_engineermode_app app_api_service:service_manager find;
+allow vendor_engineermode_app hal_exynos_rild_hwservice:hwservice_manager find;
+
+userdebug_or_eng(`
+  dontaudit vendor_engineermode_app default_prop:file r_file_perms;
+')
+