From c8c92bd5930e1840f2d92c763719ea87894584f0 Mon Sep 17 00:00:00 2001
From: Megha Patil
Date: Fri, 27 Oct 2023 04:05:48 +0000
Subject: [PATCH] Sepolicy for the new property to switch Modem Binary Sepolicy Rules added for telephony.TnNtn.image_switch
BUG: b/298322438
Bug: 323087490
Test: Test Binding sequence of Service
Change-Id: Ie79aff94159d79a573ec92546a5d3e390b802b22
---
 radio/cbd.te | 1 +
 radio/vendor_init.te | 1 +
 system_ext/private/pixelntnservice_app.te | 5 +++++
 system_ext/private/property_contexts | 1 +
 system_ext/private/seapp_contexts | 3 +++
 system_ext/public/pixelntnservice_app.te | 1 +
 system_ext/public/property.te | 3 ++-
 7 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 system_ext/private/pixelntnservice_app.te
 create mode 100644 system_ext/public/pixelntnservice_app.te
diff --git a/radio/cbd.te b/radio/cbd.te
index 6827772a..9657084a 100644
--- a/radio/cbd.te
+++ b/radio/cbd.te
@@ -5,6 +5,7 @@ init_daemon_domain(cbd)
 set_prop(cbd, vendor_modem_prop)
 set_prop(cbd, vendor_cbd_prop)
 set_prop(cbd, vendor_rild_prop)
+get_prop(cbd, telephony_modem_prop)
 allow cbd mnt_vendor_file:dir r_dir_perms;
diff --git a/radio/vendor_init.te b/radio/vendor_init.te
index ed6f530b..592f7236 100644
--- a/radio/vendor_init.te
+++ b/radio/vendor_init.te
@@ -1,4 +1,5 @@
 set_prop(vendor_init, vendor_cbd_prop)
+get_prop(vendor_init, telephony_modem_prop)
 set_prop(vendor_init, vendor_carrier_prop)
 set_prop(vendor_init, vendor_modem_prop)
 set_prop(vendor_init, vendor_rild_prop)
diff --git a/system_ext/private/pixelntnservice_app.te b/system_ext/private/pixelntnservice_app.te
new file mode 100644
index 00000000..8bf71cc9
--- /dev/null
+++ b/system_ext/private/pixelntnservice_app.te
@@ -0,0 +1,5 @@
+typeattribute pixelntnservice_app coredomain;
+
+app_domain(pixelntnservice_app);
+allow pixelntnservice_app app_api_service:service_manager find;
+set_prop(pixelntnservice_app, telephony_modem_prop)
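Review bot: The added `get_prop(cbd, telephony_modem_prop)` has no comment saying why a vendor daemon reads a system_ext-owned property. The same applies to `get_prop(vendor_init, telephony_modem_prop)` in radio/vendor_init.te, where the read grant also sits in the middle of a run of `set_prop` lines. A one-line comment above each grant, such as `# Read-only: telephony.TnNtn.image_switch selects the TN/NTN modem image`, would record the intent (inferred here from the commit message) and show that neither domain is meant to gain write access. The property name has no `persist.` prefix, so it can be unset before the app writes it; the comment is a good place to state which image the readers should assume when the value is empty.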
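Review bot: The new system_ext/private/pixelntnservice_app.te has no header comment, so nothing records why `pixelntnservice_app` is a `coredomain` or that it is the only domain this commit allows to set `telephony_modem_prop`. A top line such as `# PixelNtnService: only domain allowed to set telephony.TnNtn.image_switch` would help the next audit of who can switch the modem image. `app_domain(pixelntnservice_app);` also ends with a semicolon that the `set_prop(...)` call two lines below does not have; dropping it keeps the macro calls consistent.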
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
index bd245c99..15d2624f 100644
--- a/system_ext/private/property_contexts
+++ b/system_ext/private/property_contexts
@@ -1,4 +1,5 @@
 # Telephony
+telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0 exact enum ntn tn
 telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool
 # HDCP setting of the display connected via USB port
diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts
index c3ec6d38..8705d162 100644
--- a/system_ext/private/seapp_contexts
+++ b/system_ext/private/seapp_contexts
@@ -4,3 +4,6 @@ user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=a
 # PixelDisplayService
 user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all
+
+# PixelNtnService
+user=system seinfo=platform name=com.google.android.satellite domain=pixelntnservice_app type=app_data_file levelFrom=all
diff --git a/system_ext/public/pixelntnservice_app.te b/system_ext/public/pixelntnservice_app.te
new file mode 100644
index 00000000..10661b66
--- /dev/null
+++ b/system_ext/public/pixelntnservice_app.te
@@ -0,0 +1 @@
+type pixelntnservice_app, domain;
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
index 8ad51ac0..4dd97a51 100644
--- a/system_ext/public/property.te
+++ b/system_ext/public/property.te
@@ -1,6 +1,7 @@
 # Telephony
 system_public_prop(telephony_ril_prop)
+system_restricted_prop(telephony_modem_prop)
 userdebug_or_eng(`
 set_prop(shell, telephony_ril_prop)
-')
\ No newline at end of file
+')
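Review bot: The new PixelNtnService entry in system_ext/private/seapp_contexts pairs `user=system` with `type=app_data_file`, which looks carried over from the `user=_app` PixelDisplayService line just above it. Data directories of system-UID apps are normally labelled `system_app_data_file`, so that rules written for ordinary app data do not also reach a system-UID app's files. If that convention applies here, the selector would end `domain=pixelntnservice_app type=system_app_data_file levelFrom=all`. The domain's .te file in this commit grants no file rules of its own, so confirm which data label the service actually needs before changing it.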