Add SELinux rules for platform_apps to access the vendor_ims_app UDP socket for read/write of RTP packets.

This addresses the following SE policy denial:
11-11 20:51:49.388000  2167  2167 I auditd  : type=1400 audit(0.0:11): avc: denied { read write } for comm="nnon.imsservice" path="socket:[111836]" dev="sockfs" ino=111836 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:vendor_ims_app:s0:c228,c256,c512,c768 tclass=udp_socket permissive=0 app=com.shannon.imsservice

Bug: 262320328
Test: Manual
Change-Id: I450f1faebd6c6a67e9f904c880360e75bad3cb40
Sateshk Kumar Chinnappan 2022-12-13 07:19:25 +00:00
parent 1774ec056b
commit ebe77e31f4

@ -13,6 +13,7 @@ allow vendor_ims_app cameraserver_service:service_manager find;
allow vendor_ims_app mediametrics_service:service_manager find;
allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl };
allow platform_app vendor_ims_app:udp_socket { getattr read write setopt shutdown };
binder_call(vendor_ims_app, rild)
set_prop(vendor_ims_app, vendor_rild_prop)
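
Review bot: The new `allow platform_app vendor_ims_app:udp_socket { getattr read write setopt shutdown };` rule grants more than the quoted denial asks for, and it grants it to every process in the platform_app domain. The AVC line in the commit message shows only `{ read write }` being denied, for a single app (com.shannon.imsservice) on a socket labeled vendor_ims_app, so getattr, setopt and shutdown are not justified by anything visible here. Suggest trimming the permission set to `{ read write }` unless there are further denials to cite for the other three, and adding a comment above the rule that names the RTP use case and the app that needs it, since the rule sits among vendor_ims_app's own rules but its source domain is platform_app. With "Test: Manual" as the only test note, it would also help to state which call scenario was exercised and that no further udp_socket denials appeared afterwards.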