Modem ML: create selinux rules

Bug: 262338662 Change-Id: I899a03a36b542bbf6b9e4b936f279f2d6b4a4c7b
2022-12-13 15:12:49 +08:00 · 2022-12-13 15:12:49 +08:00 · 6ea5e4634a
commit 6ea5e4634a
parent 6b40c66a4a
3 changed files with 27 additions and 0 deletions
--- a/radio/file.te
+++ b/radio/file.te
@ -25,6 +25,7 @@ type vendor_fw_file, vendor_file_type, file_type;
 # vendor extra images
 type modem_img_file, contextmount_type, file_type, vendor_file_type;
 allow modem_img_file self:filesystem associate;
+type modem_config_file, file_type, vendor_file_type;

 # sysfs
 type sysfs_chosen, sysfs_type, fs_type;
--- a/radio/file_contexts
+++ b/radio/file_contexts
@ -7,10 +7,14 @@
 /vendor/bin/rfsd                                                            u:object_r:rfsd_exec:s0
 /vendor/bin/modem_logging_control                                           u:object_r:modem_logging_control_exec:s0
 /vendor/bin/modem_svc_sit                                                   u:object_r:modem_svc_sit_exec:s0
+/vendor/bin/modem_ml_svc_sit                                                u:object_r:modem_ml_svc_sit_exec:s0
 /vendor/bin/cbd                                                             u:object_r:cbd_exec:s0
 /vendor/bin/hw/rild_exynos                                                  u:object_r:rild_exec:s0
 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service                        u:object_r:hal_radioext_default_exec:s0

+# Config files
+/vendor/etc/modem_ml_models\.conf                                           u:object_r:modem_config_file:s0
+
 # Data
 /data/vendor/log/rfsd(/.*)?                                                 u:object_r:vendor_rfsd_log_file:s0
 /data/vendor/radio(/.*)?                                                    u:object_r:radio_vendor_data_file:s0
--- a/radio/modem_ml_svc_sit.te
+++ b/radio/modem_ml_svc_sit.te
@ -0,0 +1,22 @@
+type modem_ml_svc_sit, domain;
+type modem_ml_svc_sit_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(modem_ml_svc_sit)
+
+binder_use(modem_ml_svc_sit)
+
+# Grant radio device access
+allow modem_ml_svc_sit radio_device:chr_file rw_file_perms;
+
+# Grant vendor radio and modem file/dir creation permission
+allow modem_ml_svc_sit radio_vendor_data_file:dir create_dir_perms;
+allow modem_ml_svc_sit radio_vendor_data_file:file create_file_perms;
+
+# Grant modem ml models config files access
+allow modem_ml_svc_sit modem_config_file:file r_file_perms;
+
+# RIL property
+get_prop(modem_ml_svc_sit, vendor_rild_prop)
+
+# Access to NNAPI service
+hal_client_domain(modem_ml_svc_sit, hal_neuralnetworks)
+allow modem_ml_svc_sit edgetpu_nnapi_service:service_manager find;