diff --git a/radio/file_contexts b/radio/file_contexts index 8d74be8e..f158b42a 100644 --- a/radio/file_contexts +++ b/radio/file_contexts @@ -11,6 +11,7 @@ /vendor/bin/cbd u:object_r:cbd_exec:s0 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 +/vendor/bin/init\.check_ap_pd_auth\.sh u:object_r:init-check_ap_pd_auth-sh_exec:s0 # Config files /vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0 diff --git a/radio/init-check_ap_pd_auth-sh.te b/radio/init-check_ap_pd_auth-sh.te new file mode 100644 index 00000000..bcd855c2 --- /dev/null +++ b/radio/init-check_ap_pd_auth-sh.te @@ -0,0 +1,14 @@ +type init-check_ap_pd_auth-sh, domain; +type init-check_ap_pd_auth-sh_exec, vendor_file_type, exec_type, file_type; + +userdebug_or_eng(` + init_daemon_domain(init-check_ap_pd_auth-sh) + + set_prop(init-check_ap_pd_auth-sh, vendor_sjtag_lock_state_prop) + + allow init-check_ap_pd_auth-sh sysfs_sjtag:dir r_dir_perms; + allow init-check_ap_pd_auth-sh sysfs_sjtag:file r_file_perms; + + allow init-check_ap_pd_auth-sh vendor_shell_exec:file rx_file_perms; + allow init-check_ap_pd_auth-sh vendor_toolbox_exec:file rx_file_perms; +') diff --git a/radio/property.te b/radio/property.te index 16ccefce..dfb1e689 100644 --- a/radio/property.te +++ b/radio/property.te @@ -15,3 +15,5 @@ vendor_internal_prop(vendor_tcpdump_log_prop) # Telephony debug app vendor_internal_prop(vendor_telephony_app_prop) +# SJTAG lock state +vendor_internal_prop(vendor_sjtag_lock_state_prop) diff --git a/radio/property_contexts b/radio/property_contexts index 0cad5bcf..ff410c5e 100644 --- a/radio/property_contexts +++ b/radio/property_contexts @@ -57,3 +57,6 @@ persist.vendor.gps. u:object_r:vendor_gps_prop:s0 persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0 vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0 +# SJTAG lock state +ro.vendor.sjtag_ap_is_unlocked u:object_r:vendor_sjtag_lock_state_prop:s0 +ro.vendor.sjtag_gsa_is_unlocked u:object_r:vendor_sjtag_lock_state_prop:s0 diff --git a/radio/ssr_detector.te b/radio/ssr_detector.te index 2caf6d77..a93d5bdb 100644 --- a/radio/ssr_detector.te +++ b/radio/ssr_detector.te @@ -13,11 +13,13 @@ userdebug_or_eng(` allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms; get_prop(ssr_detector_app, vendor_aoc_prop) + set_prop(ssr_detector_app, vendor_sjtag_lock_state_prop) allow ssr_detector_app sysfs_sjtag:dir r_dir_perms; allow ssr_detector_app sysfs_sjtag:file rw_file_perms; allow ssr_detector_app proc_vendor_sched:dir search; allow ssr_detector_app proc_vendor_sched:file rw_file_perms; allow ssr_detector_app cgroup:file write; + allow ssr_detector_app vendor_toolbox_exec:file execute_no_trans; ') get_prop(ssr_detector_app, vendor_ssrdump_prop)