From 276b386b6f150e4573588fa9e95abc8d4e7d9088 Mon Sep 17 00:00:00 2001
From: Kelvin Zhang
Date: Thu, 28 Mar 2024 20:21:00 -0700
Subject: [PATCH 1/2] Add necessary sepolicy for convert_modem_to_ext4
Test: reformat data as ext4, reboot
Bug: 293313353
Change-Id: Iede84b1827166f1581d80077fe1c4d93d01a815b
---
 radio/copy_efs_files_to_data.te | 37 +++++++++++++++++++++++++++++++++
 radio/file.te | 1 +
 radio/file_contexts | 2 ++
 vendor/vendor_init.te | 3 +++
 4 files changed, 43 insertions(+)
 create mode 100644 radio/copy_efs_files_to_data.te
diff --git a/radio/copy_efs_files_to_data.te b/radio/copy_efs_files_to_data.te
new file mode 100644
index 00000000..bfae50ed
--- /dev/null
+++ b/radio/copy_efs_files_to_data.te
@@ -0,0 +1,37 @@
+type copy_efs_files_to_data, domain;
+type copy_efs_files_to_data_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(copy_efs_files_to_data);
+
+
+
+# Allow creating files on /data/vendor/copied
+allow copy_efs_files_to_data modem_efs_image_file:dir { create_dir_perms };
+allow copy_efs_files_to_data modem_efs_image_file:file { create_file_perms };
+allow copy_efs_files_to_data modem_efs_image_file:lnk_file { create_file_perms };
+
+
+# Allow execute binaries from /vendor/bin
+allow copy_efs_files_to_data vendor_toolbox_exec:file rx_file_perms;
+allow copy_efs_files_to_data vendor_shell_exec:file rx_file_perms;
+
+allow copy_efs_files_to_data mnt_vendor_file:dir { r_dir_perms setattr };
+
+allow copy_efs_files_to_data kmsg_debug_device:chr_file { w_file_perms ioctl getattr };
+
+
+# For reading files on /mnt/vendor/persist
+allow copy_efs_files_to_data vendor_persist_type:dir { r_dir_perms setattr };
+allow copy_efs_files_to_data vendor_persist_type:file { r_file_perms setattr };
+allow copy_efs_files_to_data tee_data_file:lnk_file r_file_perms;
+
+# For reading files on /mnt/vendor/efs
+allow copy_efs_files_to_data modem_efs_file:dir { r_dir_perms setattr };
+allow copy_efs_files_to_data modem_efs_file:file { r_file_perms setattr };
+
+# For reading files on /mnt/vendor/modem_userdata
+allow copy_efs_files_to_data modem_userdata_file:dir { r_dir_perms setattr };
+allow copy_efs_files_to_data modem_userdata_file:file { r_file_perms setattr };
+
+# Allow changing permission of files on /data/vendor/copied, part of cp -rp
+allow copy_efs_files_to_data self:capability { fowner chown };
diff --git a/radio/file.te b/radio/file.te
index daceb569..dcdf1302 100644
--- a/radio/file.te
+++ b/radio/file.te
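Review bot: In radio/copy_efs_files_to_data.te the three "For reading files on …" groups grant `setattr` on the source types as well as read, and the persist rules are written against the `vendor_persist_type` attribute, so the domain can change attributes on every persist-labelled file rather than only read it. `cp -rp` has to set attributes on the destination (`modem_efs_image_file`), not on the source, so unless the script also chmods or chowns the originals these can be read-only, e.g. `allow copy_efs_files_to_data modem_efs_file:file r_file_perms;`. If `setattr` on the sources really is required, say why in the comment above each group. Everything copied also lands under the single label `modem_efs_image_file`, so any domain later granted that type reads persist, EFS and modem_userdata content together; a comment stating which domains are expected to consume /data/vendor/copied would make that auditable.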
@@ -1,5 +1,6 @@ # Data type rild_vendor_data_file, file_type, data_file_type; +type modem_efs_image_file, file_type, data_file_type; type vendor_gps_file, file_type, data_file_type; type modem_ml_data_file, file_type, data_file_type; type modem_stat_data_file, file_type, data_file_type; diff --git a/radio/file_contexts b/radio/file_contexts index 1fcdfdd3..d4f29be0 100644 --- a/radio/file_contexts +++ b/radio/file_contexts @@ -12,6 +12,7 @@ /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 /vendor/bin/liboemservice_proxy_default u:object_r:liboemservice_proxy_default_exec:s0 +/vendor/bin/copy_efs_files_to_data u:object_r:copy_efs_files_to_data_exec:s0 # Config files /vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0 @@ -23,6 +24,7 @@ /data/vendor/modem_ml(/.*)? u:object_r:modem_ml_data_file:s0 /data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0 /data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0 +/data/vendor/copied(/.*)? u:object_r:modem_efs_image_file:s0 # vendor extra images /mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0 diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 77d3da1c..02fee98d 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -38,3 +38,6 @@ allow vendor_init proc_watermark_scale_factor:file w_file_perms; # Allow vendor_init to read ro.vendor.persist.status # to process init.rc actions set_prop(vendor_init, vendor_persist_prop) +# Allow vendor_init to read ro.product.build.16k_page.enabled +# to process init.rc actions +get_prop(vendor_init, enable_16k_pages_prop) From 2bf59857dada68a86de80311d7cba0ba6aad072e Mon Sep 17 00:00:00 2001 
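Review bot: The `get_prop(vendor_init, enable_16k_pages_prop)` rule added at the end of vendor/vendor_init.te is not mentioned in the commit message, which is about convert_modem_to_ext4, and its comment only repeats the generic "to process init.rc actions" wording. Name the init.rc trigger that reads the property so the grant can be audited and removed together with the feature, e.g. `# Read by the <init.rc action> trigger that starts the EFS copy (placeholder, fill in the real action)`. Presumably the copy service is gated on 16k page mode, but that is not visible here; the file begins outside the hunk.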
From: Pechetty Sravani
Date: Tue, 7 May 2024 07:19:37 +0000
Subject: [PATCH 2/2] Revert "Add necessary sepolicy for convert_modem_to_ext4"
Revert submission 26822004
Reason for revert:
Reverted changes: /q/submissionid:26822004
Change-Id: I90e3bf5ecbdf6c058c56293cfba59c628ccc7aba
---
 radio/copy_efs_files_to_data.te | 37 ---------------------------------
 radio/file.te | 1 -
 radio/file_contexts | 2 --
 vendor/vendor_init.te | 3 ---
 4 files changed, 43 deletions(-)
 delete mode 100644 radio/copy_efs_files_to_data.te
diff --git a/radio/copy_efs_files_to_data.te b/radio/copy_efs_files_to_data.te
deleted file mode 100644
index bfae50ed..00000000
--- a/radio/copy_efs_files_to_data.te
+++ /dev/null
@@ -1,37 +0,0 @@
-type copy_efs_files_to_data, domain;
-type copy_efs_files_to_data_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(copy_efs_files_to_data);
-
-
-
-# Allow creating files on /data/vendor/copied
-allow copy_efs_files_to_data modem_efs_image_file:dir { create_dir_perms };
-allow copy_efs_files_to_data modem_efs_image_file:file { create_file_perms };
-allow copy_efs_files_to_data modem_efs_image_file:lnk_file { create_file_perms };
-
-
-# Allow execute binaries from /vendor/bin
-allow copy_efs_files_to_data vendor_toolbox_exec:file rx_file_perms;
-allow copy_efs_files_to_data vendor_shell_exec:file rx_file_perms;
-
-allow copy_efs_files_to_data mnt_vendor_file:dir { r_dir_perms setattr };
-
-allow copy_efs_files_to_data kmsg_debug_device:chr_file { w_file_perms ioctl getattr };
-
-
-# For reading files on /mnt/vendor/persist
-allow copy_efs_files_to_data vendor_persist_type:dir { r_dir_perms setattr };
-allow copy_efs_files_to_data vendor_persist_type:file { r_file_perms setattr };
-allow copy_efs_files_to_data tee_data_file:lnk_file r_file_perms;
-
-# For reading files on /mnt/vendor/efs
-allow copy_efs_files_to_data modem_efs_file:dir { r_dir_perms setattr };
-allow copy_efs_files_to_data modem_efs_file:file { r_file_perms setattr };
-
-# For reading files on /mnt/vendor/modem_userdata
-allow copy_efs_files_to_data modem_userdata_file:dir { r_dir_perms setattr };
-allow copy_efs_files_to_data modem_userdata_file:file { r_file_perms setattr };
-
-# Allow changing permission of files on /data/vendor/copied, part of cp -rp
-allow copy_efs_files_to_data self:capability { fowner chown };
diff --git a/radio/file.te b/radio/file.te
index dcdf1302..daceb569 100644
--- a/radio/file.te
+++ b/radio/file.te
@@ -1,6 +1,5 @@ # Data type rild_vendor_data_file, file_type, data_file_type; -type modem_efs_image_file, file_type, data_file_type; type vendor_gps_file, file_type, data_file_type; type modem_ml_data_file, file_type, data_file_type; type modem_stat_data_file, file_type, data_file_type; diff --git a/radio/file_contexts b/radio/file_contexts index d4f29be0..1fcdfdd3 100644 --- a/radio/file_contexts +++ b/radio/file_contexts @@ -12,7 +12,6 @@ /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 /vendor/bin/liboemservice_proxy_default u:object_r:liboemservice_proxy_default_exec:s0 -/vendor/bin/copy_efs_files_to_data u:object_r:copy_efs_files_to_data_exec:s0 # Config files /vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0 @@ -24,7 +23,6 @@ /data/vendor/modem_ml(/.*)? u:object_r:modem_ml_data_file:s0 /data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0 /data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0 -/data/vendor/copied(/.*)? u:object_r:modem_efs_image_file:s0 # vendor extra images /mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0 diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 02fee98d..77d3da1c 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -38,6 +38,3 @@ allow vendor_init proc_watermark_scale_factor:file w_file_perms; # Allow vendor_init to read ro.vendor.persist.status # to process init.rc actions set_prop(vendor_init, vendor_persist_prop) -# Allow vendor_init to read ro.product.build.16k_page.enabled -# to process init.rc actions -get_prop(vendor_init, enable_16k_pages_prop)