From 281f3af6a6fd133d58b44cd20f176e4a43375984 Mon Sep 17 00:00:00 2001 From: Frank Yu Date: Fri, 31 May 2024 07:08:45 +0000 Subject: [PATCH] Update sepolicy for radioext AIDL service. avc logs for each rule: SELinux : avc: denied { find } for pid=1965 uid=10238 name=vendor.google.radio_ext.IRadioExt/default scontext=u:r:grilservice_app:s0:c238,c256,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0 auditd : type=1400 audit(0.0:12): avc: denied { call } for comm="oid.grilservice" scontext=u:r:grilservice_app:s0:c238,c256,c512,c768 tcontext=u:r:hal_radio_ext:s0 tclass=binder permissive=0 app=com.google.android.grilservice Bug: 343576955 Test: Manual. grilservice_app invoke method in radio ext successfully. Change-Id: I7cff95231430d78a7e2436b2ba10acf45cd5dbd8 Change-Id: Ide8934503593804fcc141cd87e3eeffc0f5f55e2
---
vendor/grilservice_app.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 vendor/grilservice_app.te
diff --git a/vendor/grilservice_app.te b/vendor/grilservice_app.te
new file mode 100644
index 0000000..287053a
--- /dev/null
+++ b/vendor/grilservice_app.te
@@ -0,0 +1,2 @@
+allow grilservice_app hal_radio_ext_service:service_manager find;
+binder_call(grilservice_app, hal_radio_ext)
\ No newline at end of file
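Review bot: The `find` rule names `hal_radio_ext_service`, but the quoted denial shows the lookup resolving to `default_android_service`, and this patch touches only `vendor/grilservice_app.te`; confirm that a `service_contexts` entry labels `vendor.google.radio_ext.IRadioExt/default` as `hal_radio_ext_service`, otherwise the lookup will presumably still be denied. Both rules are scoped to a single service type and a single HAL domain, which matches the two denials and is preferable to granting `find` on the default service type. The new file ends without a trailing newline; policy sources are usually concatenated at build time, so terminating the last line avoids it fusing with whatever file follows. A one-line header comment such as `# Allow the GRIL service app to find and call the radio_ext AIDL HAL.` would record why the file exists.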