review cbd

Bug: 198532074 Test: boot with cbd started Change-Id: Iced4bfaa9ea8e749cc0a8cb7a8da91abfc88d765
2021-09-02 10:48:20 +08:00 · 2021-09-02 10:48:20 +08:00 · c6111a8666
commit c6111a8666
parent f5ed5632e2
9 changed files with 16 additions and 18 deletions
--- a/legacy/device.te
+++ b/legacy/device.te
@ -1,7 +1,6 @@
 # Block Devices
 type efs_block_device, dev_type;
 type fat_block_device, dev_type;
-type modem_block_device, dev_type;
 type modem_userdata_block_device, dev_type;
 type persist_block_device, dev_type;
 type vendor_block_device, dev_type;
--- a/legacy/file.te
+++ b/legacy/file.te
@ -84,10 +84,7 @@ type rild_vendor_data_file, file_type, data_file_type;

 # Modem
 type modem_stat_data_file, file_type, data_file_type;
-type modem_efs_file, file_type;
-type modem_userdata_file, file_type;
 type sysfs_modem, sysfs_type, fs_type;
-type persist_modem_file, file_type, vendor_persist_type;

 # TCP logging
 type tcpdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
--- a/legacy/file_contexts
+++ b/legacy/file_contexts
@ -36,8 +36,6 @@
 /dev/block/platform/14700000\.ufs/by-name/efs_backup          u:object_r:efs_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/modem_userdata      u:object_r:modem_userdata_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/fat                 u:object_r:fat_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/modem_[ab]          u:object_r:modem_block_device:s0
-/dev/block/platform/14700000\.ufs/by-name/modem               u:object_r:modem_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/persist             u:object_r:persist_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/system              u:object_r:system_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/userdata            u:object_r:userdata_block_device:s0
@ -105,7 +103,6 @@
 #
 # Exynos Daemon Exec
 #
-/(vendor|system/vendor)/bin/cbd                u:object_r:cbd_exec:s0
 /(vendor|system/vendor)/bin/hw/rild_exynos     u:object_r:rild_exec:s0
 /(vendor|system/vendor)/bin/rfsd               u:object_r:rfsd_exec:s0
 /(vendor|system/vendor)/bin/bipchmgr           u:object_r:bipchmgr_exec:s0
@ -211,12 +208,6 @@
 /vendor/bin/modem_svc_sit           u:object_r:modem_svc_sit_exec:s0
 /data/vendor/modem_stat/debug\.txt  u:object_r:modem_stat_data_file:s0

-# modem mnt files
-/mnt/vendor/efs(/.*)?                                         u:object_r:modem_efs_file:s0
-/mnt/vendor/efs_backup(/.*)?                                  u:object_r:modem_efs_file:s0
-/mnt/vendor/modem_userdata(/.*)?                              u:object_r:modem_userdata_file:s0
-/mnt/vendor/persist/modem(/.*)?                               u:object_r:persist_modem_file:s0
-
 # Kernel modules related
 /vendor/bin/init\.insmod\.sh    u:object_r:init-insmod-sh_exec:s0

--- a/legacy/vendor_init.te
+++ b/legacy/vendor_init.te
@ -1,6 +1,5 @@
 set_prop(vendor_init, vendor_device_prop)
 set_prop(vendor_init, vendor_modem_prop)
-set_prop(vendor_init, vendor_cbd_prop)
 set_prop(vendor_init, vendor_rild_prop)
 set_prop(vendor_init, vendor_usb_config_prop)
 set_prop(vendor_init, vendor_slog_prop)
--- a/whitechapel_pro/cbd.te
+++ b/whitechapel_pro/cbd.te
@ -6,10 +6,6 @@ set_prop(cbd, vendor_modem_prop)
 set_prop(cbd, vendor_cbd_prop)
 set_prop(cbd, vendor_rild_prop)

-# Allow cbd to setuid from root to radio
-# TODO: confirming with vendor via b/182334947
-allow cbd self:capability { setgid setuid };
-
 allow cbd mnt_vendor_file:dir r_dir_perms;

 allow cbd kmsg_device:chr_file rw_file_perms;
--- a/whitechapel_pro/device.te
+++ b/whitechapel_pro/device.te
@ -1,2 +1,3 @@
 type sda_block_device, dev_type, bdev_type;
 type devinfo_block_device, dev_type, bdev_type;
+type modem_block_device, dev_type, bdev_type;
--- a/whitechapel_pro/file.te
+++ b/whitechapel_pro/file.te
@ -17,6 +17,12 @@ type sysfs_ota, sysfs_type, fs_type;
 type modem_img_file, contextmount_type, file_type, vendor_file_type;
 allow modem_img_file self:filesystem associate;

+# persist
+type persist_modem_file, file_type, vendor_persist_type;
+
 # CHRE
 type chre_socket, file_type;

+# Modem
+type modem_efs_file, file_type;
+type modem_userdata_file, file_type;
--- a/whitechapel_pro/file_contexts
+++ b/whitechapel_pro/file_contexts
@ -4,6 +4,7 @@
 /vendor/bin/sced                                              u:object_r:sced_exec:s0
 /vendor/bin/vcd                                               u:object_r:vcd_exec:s0
 /vendor/bin/chre                                              u:object_r:chre_exec:s0
+/vendor/bin/cbd                                               u:object_r:cbd_exec:s0

 # Vendor Firmwares
 /vendor/firmware(/.*)?                                        u:object_r:vendor_fw_file:s0
@ -20,10 +21,17 @@
 /dev/socket/chre                                              u:object_r:chre_socket:s0
 /dev/block/sda                                                u:object_r:sda_block_device:s0
 /dev/block/platform/14700000\.ufs/by-name/devinfo             u:object_r:devinfo_block_device:s0
+/dev/block/platform/14700000\.ufs/by-name/modem_[ab]          u:object_r:modem_block_device:s0

 # Data
 /data/vendor/slog(/.*)?                                       u:object_r:vendor_slog_file:s0
 /data/vendor/radio(/.*)?                                      u:object_r:radio_vendor_data_file:s0

+# Persist
+/mnt/vendor/persist/modem(/.*)?                               u:object_r:persist_modem_file:s0
+
 # Extra mount images
 /mnt/vendor/modem_img(/.*)?                                   u:object_r:modem_img_file:s0
+/mnt/vendor/efs(/.*)?                                         u:object_r:modem_efs_file:s0
+/mnt/vendor/efs_backup(/.*)?                                  u:object_r:modem_efs_file:s0
+/mnt/vendor/modem_userdata(/.*)?                              u:object_r:modem_userdata_file:s0
--- a/whitechapel_pro/vendor_init.te
+++ b/whitechapel_pro/vendor_init.te
@ -0,0 +1 @@
+set_prop(vendor_init, vendor_cbd_prop)