Reland: Add necessary sepolicy for convert_modem_to_ext4

The original CL was reverted because it references enable_16k_pages_prop, which is only available on board API level > 202504. This reland removes enable_16k_pages_prop usage, and worked around it by reading PRODUCT_16K_DEVELOPER_OPTION at build time. Test: reformat data as ext4, reboot Bug: 293313353 Change-Id: Ibd8f57d1ef4fd2b0fd8b4170153d57fe9a9cefc2
2024-03-28 20:21:00 -07:00 · 2024-03-28 20:21:00 -07:00 · be41aa688e
commit be41aa688e
parent 2247b84115
3 changed files with 40 additions and 0 deletions
--- a/radio/copy_efs_files_to_data.te
+++ b/radio/copy_efs_files_to_data.te
@ -0,0 +1,37 @@
+type copy_efs_files_to_data, domain;
+type copy_efs_files_to_data_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(copy_efs_files_to_data);
+
+
+
+# Allow creating files on /data/vendor/copied
+allow copy_efs_files_to_data modem_efs_image_file:dir  { create_dir_perms };
+allow copy_efs_files_to_data modem_efs_image_file:file { create_file_perms };
+allow copy_efs_files_to_data modem_efs_image_file:lnk_file { create_file_perms };
+
+
+# Allow execute binaries from /vendor/bin
+allow copy_efs_files_to_data vendor_toolbox_exec:file rx_file_perms;
+allow copy_efs_files_to_data vendor_shell_exec:file rx_file_perms;
+
+allow copy_efs_files_to_data mnt_vendor_file:dir { r_dir_perms setattr };
+
+allow copy_efs_files_to_data kmsg_debug_device:chr_file { w_file_perms ioctl getattr };
+
+
+# For reading files on /mnt/vendor/persist
+allow copy_efs_files_to_data vendor_persist_type:dir { r_dir_perms setattr };
+allow copy_efs_files_to_data vendor_persist_type:file { r_file_perms setattr };
+allow copy_efs_files_to_data tee_data_file:lnk_file r_file_perms;
+
+# For reading files on /mnt/vendor/efs
+allow copy_efs_files_to_data modem_efs_file:dir { r_dir_perms setattr };
+allow copy_efs_files_to_data modem_efs_file:file { r_file_perms setattr };
+
+# For reading files on /mnt/vendor/modem_userdata
+allow copy_efs_files_to_data modem_userdata_file:dir { r_dir_perms setattr };
+allow copy_efs_files_to_data modem_userdata_file:file { r_file_perms setattr };
+
+# Allow changing permission of files on /data/vendor/copied, part of cp -rp
+allow copy_efs_files_to_data self:capability { fowner chown };
--- a/radio/file.te
+++ b/radio/file.te
@ -1,5 +1,6 @@
 # Data
 type rild_vendor_data_file, file_type, data_file_type;
+type modem_efs_image_file, file_type, data_file_type;
 type vendor_gps_file, file_type, data_file_type;
 type modem_ml_data_file, file_type, data_file_type;
 type modem_stat_data_file, file_type, data_file_type;
--- a/radio/file_contexts
+++ b/radio/file_contexts
@ -12,6 +12,7 @@
 /vendor/bin/hw/rild_exynos                                                  u:object_r:rild_exec:s0
 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service                        u:object_r:hal_radioext_default_exec:s0
 /vendor/bin/liboemservice_proxy_default                                     u:object_r:liboemservice_proxy_default_exec:s0
+/vendor/bin/copy_efs_files_to_data                                                            u:object_r:copy_efs_files_to_data_exec:s0

 # Config files
 /vendor/etc/modem_ml_models\.conf                                           u:object_r:modem_config_file:s0
@ -23,6 +24,7 @@
 /data/vendor/modem_ml(/.*)?                                                 u:object_r:modem_ml_data_file:s0
 /data/vendor/modem_stat(/.*)?                                               u:object_r:modem_stat_data_file:s0
 /data/vendor/rild(/.*)?                                                     u:object_r:rild_vendor_data_file:s0
+/data/vendor/copied(/.*)?                                                     u:object_r:modem_efs_image_file:s0

 # vendor extra images
 /mnt/vendor/efs(/.*)?                                                       u:object_r:modem_efs_file:s0