From c6111a8666ebbe20f48af3a59f42a54c17640741 Mon Sep 17 00:00:00 2001 From: Adam Shih Date: Thu, 2 Sep 2021 10:48:20 +0800 Subject: [PATCH] review cbd Bug: 198532074 Test: boot with cbd started Change-Id: Iced4bfaa9ea8e749cc0a8cb7a8da91abfc88d765 --- legacy/device.te | 1 - legacy/file.te | 3 --- legacy/file_contexts | 9 --------- legacy/vendor_init.te | 1 - {legacy => whitechapel_pro}/cbd.te | 4 ---- whitechapel_pro/device.te | 1 + whitechapel_pro/file.te | 6 ++++++ whitechapel_pro/file_contexts | 8 ++++++++ whitechapel_pro/vendor_init.te | 1 + 9 files changed, 16 insertions(+), 18 deletions(-) rename {legacy => whitechapel_pro}/cbd.te (93%) create mode 100644 whitechapel_pro/vendor_init.te diff --git a/legacy/device.te b/legacy/device.te index 7bf1b260..669892d6 100644 --- a/legacy/device.te +++ b/legacy/device.te @@ -1,7 +1,6 @@ # Block Devices type efs_block_device, dev_type; type fat_block_device, dev_type; -type modem_block_device, dev_type; type modem_userdata_block_device, dev_type; type persist_block_device, dev_type; type vendor_block_device, dev_type; diff --git a/legacy/file.te b/legacy/file.te index c7d1a681..6ba99f7f 100644 --- a/legacy/file.te +++ b/legacy/file.te @@ -84,10 +84,7 @@ type rild_vendor_data_file, file_type, data_file_type; # Modem type modem_stat_data_file, file_type, data_file_type; -type modem_efs_file, file_type; -type modem_userdata_file, file_type; type sysfs_modem, sysfs_type, fs_type; -type persist_modem_file, file_type, vendor_persist_type; # TCP logging type tcpdump_vendor_data_file, file_type, data_file_type, mlstrustedobject; diff --git a/legacy/file_contexts b/legacy/file_contexts index 6c86fe06..6d0c5cef 100644 --- a/legacy/file_contexts +++ b/legacy/file_contexts 
@@ -36,8 +36,6 @@ /dev/block/platform/14700000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/fat u:object_r:fat_block_device:s0 -/dev/block/platform/14700000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 -/dev/block/platform/14700000\.ufs/by-name/modem u:object_r:modem_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/persist u:object_r:persist_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/system u:object_r:system_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 @@ -105,7 +103,6 @@ # # Exynos Daemon Exec # -/(vendor|system/vendor)/bin/cbd u:object_r:cbd_exec:s0 /(vendor|system/vendor)/bin/hw/rild_exynos u:object_r:rild_exec:s0 /(vendor|system/vendor)/bin/rfsd u:object_r:rfsd_exec:s0 /(vendor|system/vendor)/bin/bipchmgr u:object_r:bipchmgr_exec:s0 @@ -211,12 +208,6 @@ /vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0 /data/vendor/modem_stat/debug\.txt u:object_r:modem_stat_data_file:s0 -# modem mnt files -/mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0 -/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0 -/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0 -/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0 - # Kernel modules related /vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0 diff --git a/legacy/vendor_init.te b/legacy/vendor_init.te index 8ac90b4c..759fa83d 100644 --- a/legacy/vendor_init.te +++ b/legacy/vendor_init.te @@ -1,6 +1,5 @@ set_prop(vendor_init, vendor_device_prop) set_prop(vendor_init, vendor_modem_prop) -set_prop(vendor_init, vendor_cbd_prop) set_prop(vendor_init, vendor_rild_prop) set_prop(vendor_init, vendor_usb_config_prop) set_prop(vendor_init, vendor_slog_prop) 
diff --git a/legacy/cbd.te b/whitechapel_pro/cbd.te similarity index 93% rename from legacy/cbd.te rename to whitechapel_pro/cbd.te index 23c4e576..835a0e1c 100644 --- a/legacy/cbd.te +++ b/whitechapel_pro/cbd.te @@ -6,10 +6,6 @@ set_prop(cbd, vendor_modem_prop) set_prop(cbd, vendor_cbd_prop) set_prop(cbd, vendor_rild_prop) -# Allow cbd to setuid from root to radio -# TODO: confirming with vendor via b/182334947 -allow cbd self:capability { setgid setuid }; - allow cbd mnt_vendor_file:dir r_dir_perms; allow cbd kmsg_device:chr_file rw_file_perms; diff --git a/whitechapel_pro/device.te b/whitechapel_pro/device.te index e2c1e04c..5140108b 100644 --- a/whitechapel_pro/device.te +++ b/whitechapel_pro/device.te @@ -1,2 +1,3 @@ type sda_block_device, dev_type, bdev_type; type devinfo_block_device, dev_type, bdev_type; +type modem_block_device, dev_type, bdev_type; diff --git a/whitechapel_pro/file.te b/whitechapel_pro/file.te index ce53d47c..69acff6e 100644 --- a/whitechapel_pro/file.te +++ b/whitechapel_pro/file.te @@ -17,6 +17,12 @@ type sysfs_ota, sysfs_type, fs_type; type modem_img_file, contextmount_type, file_type, vendor_file_type; allow modem_img_file self:filesystem associate; +# persist +type persist_modem_file, file_type, vendor_persist_type; + # CHRE type chre_socket, file_type; +# Modem +type modem_efs_file, file_type; +type modem_userdata_file, file_type; diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 95613c6b..9a60b68e 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -4,6 +4,7 @@ /vendor/bin/sced u:object_r:sced_exec:s0 /vendor/bin/vcd u:object_r:vcd_exec:s0 /vendor/bin/chre u:object_r:chre_exec:s0 +/vendor/bin/cbd u:object_r:cbd_exec:s0 # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 
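Review bot: In the whitechapel_pro/file.te hunk, `modem_efs_file` and `modem_userdata_file` are appended after the CHRE section under a bare `# Modem` heading, and nothing records which paths they label. They also carry `file_type` alone, while `persist_modem_file` just above has `vendor_persist_type`. A comment such as `# Modem mounts: /mnt/vendor/efs, /mnt/vendor/efs_backup, /mnt/vendor/modem_userdata` would tie the types to the file_contexts entries added in this commit. Grouping them next to the `# persist` block would keep the modem-related types together for later audits. Because no extra attribute is attached, access to these types presumably comes only from explicit allow rules, so it is worth confirming that every domain with rules on them moved out of legacy along with cbd.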
@@ -20,10 +21,17 @@ /dev/socket/chre u:object_r:chre_socket:s0 /dev/block/sda u:object_r:sda_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 +/dev/block/platform/14700000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 # Data /data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0 /data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0 +# Persist +/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0 + # Extra mount images /mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0 +/mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0 +/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0 +/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0 diff --git a/whitechapel_pro/vendor_init.te b/whitechapel_pro/vendor_init.te new file mode 100644 index 00000000..4218745a --- /dev/null +++ b/whitechapel_pro/vendor_init.te @@ -0,0 +1 @@ +set_prop(vendor_init, vendor_cbd_prop)
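Review bot: The added `modem_[ab]` entry in whitechapel_pro/file_contexts does not carry over the unslotted `by-name/modem` pattern that legacy/file_contexts also labelled `modem_block_device`. If any build on this platform exposes an unslotted modem partition, it would presumably fall back to a generic block-device label, and rules written against `modem_block_device` would not match it. If the drop is intentional, a one-line comment above the entry, for example `# slotted modem partitions only`, would record that. The `/mnt/vendor/efs`, `/mnt/vendor/efs_backup` and `/mnt/vendor/modem_userdata` entries also land under `# Extra mount images`, whereas legacy had them under `# modem mnt files`; a `# Modem mounts` heading above them would keep the labels easy to review.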