Fix avc denied for vendor telephony debug app

avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 pid=8533 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=0 avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 avc: denied { search } for name="com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=150 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0 avc: denied { getattr } for path="/data/user/0/com.samsung.slsi.sysdebugmode" dev="dm-39" ino=7431 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:system_app_data_file:s0 tclass=dir permissive=0 avc: denied { read } for name="u:object_r:vendor_rild_prop:s0" dev="tmpfs" ino=344 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:vendor_rild_prop:s0 tclass=file permissive=0 avc: denied { write } for name="property_service" dev="tmpfs" ino=379 scontext=u:r:vendor_telephony_debug_app:s0:c232,c259,c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0 Test: manual test Bug: 241976048 Change-Id: I5aa49a8e243d212180c7da6f65da9021164fca44
2022-08-12 07:56:30 +00:00 · 2022-08-12 07:56:30 +00:00 · b69195ebe9
commit b69195ebe9
parent 74eb33d057
4 changed files with 22 additions and 0 deletions
--- a/whitechapel_pro/property.te
+++ b/whitechapel_pro/property.te
@ -34,3 +34,5 @@ system_vendor_config_prop(vendor_uwb_calibration_prop)
 # Dynamic sensor
 vendor_internal_prop(vendor_dynamic_sensor_prop)

+# Telephony debug app
+vendor_internal_prop(vendor_telephony_app_prop)
--- a/whitechapel_pro/property_contexts
+++ b/whitechapel_pro/property_contexts
@ -103,3 +103,6 @@ vendor.dynamic_sensor.                     u:object_r:vendor_dynamic_sensor_prop

 # for ims service
 persist.vendor.ims.                        u:object_r:vendor_imssvc_prop:s0
+
+# for vendor telephony debug app
+vendor.config.debug.                       u:object_r:vendor_telephony_app_prop:s0
--- a/whitechapel_pro/rild.te
+++ b/whitechapel_pro/rild.te
@ -26,6 +26,7 @@ binder_call(rild, oemrilservice_app)
 binder_call(rild, hal_secure_element_uicc)
 binder_call(rild, grilservice_app)
 binder_call(rild, vendor_engineermode_app)
+binder_call(rild, vendor_telephony_debug_app)

 # for hal service
 add_hwservice(rild, hal_exynos_rild_hwservice)
--- a/whitechapel_pro/vendor_telephony_debug_app.te
+++ b/whitechapel_pro/vendor_telephony_debug_app.te
@ -2,3 +2,19 @@ type vendor_telephony_debug_app, domain;
 app_domain(vendor_telephony_debug_app)

 allow vendor_telephony_debug_app app_api_service:service_manager find;
+allow vendor_telephony_debug_app hal_exynos_rild_hwservice:hwservice_manager find;
+
+binder_call(vendor_telephony_debug_app, rild)
+
+# RIL property
+set_prop(vendor_telephony_debug_app, vendor_rild_prop)
+
+# Debug property
+set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop)
+
+userdebug_or_eng(`
+# System Debug Mode
+dontaudit vendor_telephony_debug_app system_app_data_file:dir create_dir_perms;
+dontaudit vendor_telephony_debug_app system_app_data_file:file create_file_perms;
+dontaudit vendor_telephony_debug_app default_prop:file r_file_perms;
+')