From ac39f865e182a4a8cc9ce65670d02c1e088d36ee Mon Sep 17 00:00:00 2001 From: Mike Wang Date: Fri, 29 Sep 2023 21:33:53 +0000 Subject: [PATCH] Add selinux policy change to allow MDS access Samsung OemRil hal. Bug: 301641283 selinux log: 11-03 15:32:38.850 2643 2643 I auditd : type=1400 audit(0.0:1616): avc: denied { call } for comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.850 2643 2643 I binder:2643_3: type=1400 audit(0.0:1616): avc: denied { call } for scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.854 2643 2643 I auditd : type=1400 audit(0.0:1617): avc: denied { transfer } for comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.854 2643 2643 I binder:2643_3: type=1400 audit(0.0:1617): avc: denied { transfer } for scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.854 1095 1095 I auditd : type=1400 audit(0.0:1618): avc: denied { call } for comm="HwBinder:1095_1" scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1 11-03 15:32:38.854 1095 1095 I HwBinder:1095_1: type=1400 audit(0.0:1618): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1 Change-Id: I62986e4bb0a4ed04616f8f3a8521f01934e63d74 --- whitechapel_pro/modem_diagnostic_app.te | 3 +++ whitechapel_pro/rild.te | 2 ++ 2 files changed, 5 insertions(+)
diff --git a/whitechapel_pro/modem_diagnostic_app.te b/whitechapel_pro/modem_diagnostic_app.te
index b5cce03a..b21b7929 100644
--- a/whitechapel_pro/modem_diagnostic_app.te
+++ b/whitechapel_pro/modem_diagnostic_app.te
@@ -9,6 +9,9 @@ allow modem_diagnostic_app radio_service:service_manager find; userdebug_or_eng(` hal_client_domain(modem_diagnostic_app, hal_power_stats); + allow modem_diagnostic_app hal_exynos_rild_hwservice:hwservice_manager find; + binder_call(modem_diagnostic_app, rild) + binder_call(modem_diagnostic_app, dmd) set_prop(modem_diagnostic_app, vendor_cbd_prop) diff --git a/whitechapel_pro/rild.te b/whitechapel_pro/rild.te index 534bea17..356e8727 100644 --- a/whitechapel_pro/rild.te +++ b/whitechapel_pro/rild.te @@ -43,4 +43,6 @@ allow rild modem_img_file:lnk_file r_file_perms; # Allow rild to ptrace for memory leak detection userdebug_or_eng(` allow rild self:process ptrace; + +binder_call(rild, modem_diagnostic_app) ')
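Review bot: The added `allow modem_diagnostic_app hal_exynos_rild_hwservice:hwservice_manager find;` rule in modem_diagnostic_app.te is not backed by any denial quoted in the commit message, which lists only binder `call`/`transfer` between modem_diagnostic_app and rild, all logged with permissive=1. Either add the matching `hwservice_manager find` denial to the description or put a comment above the rule, for example `# MDS looks up the OemRil HAL (presumably served by rild) on debug builds`. `binder_call(modem_diagnostic_app, rild)` in the standard macro also grants `fd use` from rild, which is wider than the logged denials; that seems acceptable for a debug-only rule but should be a conscious choice. The enclosing `userdebug_or_eng(` block opens in this hunk and closes outside it, so confirm the new rules stay inside it and never reach user builds.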
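Review bot: In rild.te the new `binder_call(rild, modem_diagnostic_app)` has no comment of its own and follows the `# Allow rild to ptrace for memory leak detection` block, so a reader can take the ptrace comment as covering a rule that lets the radio daemon call into an app domain. It also appears to start at column 0 while sitting inside `userdebug_or_eng(`, which makes the debug-only scoping easy to miss and easy to break when the block is edited later. I would give it its own comment and indent it with the block: `  # Allow rild to call back into the MDS app (debug builds only)` followed by `  binder_call(rild, modem_diagnostic_app)`. The callback purpose is inferred from the rild-to-modem_diagnostic_app `call` denial in the commit message, so adjust the wording if the real reason differs.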