ebe77e31f4
This addresses the following SE policy denial
11-11 20:51:49.388000 2167 2167 I auditd : type=1400 audit(0.0:11): avc: denied { read write } for comm="nnon.imsservice" path="socket:[111836]" dev="sockfs" ino=111836 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:r:vendor_ims_app:s0:c228,c256,c512,c768 tclass=udp_socket permissive=0 app=com.shannon.imsservice
Bug: 262320328
Test: Manual
Change-Id: I450f1faebd6c6a67e9f904c880360e75bad3cb40
21 lines
844 B
Text
21 lines
844 B
Text
type vendor_ims_app, domain;
|
|
app_domain(vendor_ims_app)
|
|
net_domain(vendor_ims_app)
|
|
|
|
allow vendor_ims_app app_api_service:service_manager find;
|
|
allow vendor_ims_app audioserver_service:service_manager find;
|
|
|
|
allow vendor_ims_app hal_exynos_rild_hwservice:hwservice_manager find;
|
|
allow vendor_ims_app radio_service:service_manager find;
|
|
|
|
allow vendor_ims_app mediaserver_service:service_manager find;
|
|
allow vendor_ims_app cameraserver_service:service_manager find;
|
|
allow vendor_ims_app mediametrics_service:service_manager find;
|
|
|
|
allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl };
|
|
allow platform_app vendor_ims_app:udp_socket { getattr read write setopt shutdown };
|
|
|
|
binder_call(vendor_ims_app, rild)
|
|
set_prop(vendor_ims_app, vendor_rild_prop)
|
|
set_prop(vendor_ims_app, radio_prop)
|
|
get_prop(vendor_ims_app, vendor_imssvc_prop)
|