From 2fbd1edf60ff0970ba4c28fc05441ec7bc6f6c10 Mon Sep 17 00:00:00 2001 From: kierancyphus Date: Wed, 24 Jan 2024 15:51:37 +0800 Subject: [PATCH] liboemservice_proxy: Add sepolicy This was previously only configured to run on zuma devices, but should be expanded to this device as well. Since this service should only be present on these two devices, it's fine to just copy this here instead of placing it in gs-common. Test: atest vts_treble_vintf_vendor_test:DeviceManifest/SingleAidlTest Bug: 321867236 Change-Id: I9f086df735c866ed037307574b38458434a9c486 --- radio/dmd.te | 1 + radio/file_contexts | 1 + radio/liboemservice_proxy.te | 34 ++++++++++++++++++++++++++++++++++ radio/modem_diagnostic_app.te | 5 +++++ radio/service.te | 2 ++ radio/service_contexts | 2 ++ 6 files changed, 45 insertions(+) create mode 100644 radio/liboemservice_proxy.te create mode 100644 radio/service.te create mode 100644 radio/service_contexts diff --git a/radio/dmd.te b/radio/dmd.te index 76177b5..be820be 100644 --- a/radio/dmd.te +++ b/radio/dmd.te @@ -30,3 +30,4 @@ binder_call(dmd, hwservicemanager) binder_call(dmd, modem_diagnostic_app) binder_call(dmd, modem_logging_control) binder_call(dmd, vendor_telephony_silentlogging_app) +binder_call(dmd, liboemservice_proxy_default) diff --git a/radio/file_contexts b/radio/file_contexts index 8d74be8..1fcdfdd 100644 --- a/radio/file_contexts +++ b/radio/file_contexts @@ -11,6 +11,7 @@ /vendor/bin/cbd u:object_r:cbd_exec:s0 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 +/vendor/bin/liboemservice_proxy_default u:object_r:liboemservice_proxy_default_exec:s0 # Config files /vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0 diff --git a/radio/liboemservice_proxy.te b/radio/liboemservice_proxy.te new file mode 100644 index 0000000..9a4a61a --- /dev/null +++ b/radio/liboemservice_proxy.te 
@@ -0,0 +1,34 @@
+type liboemservice_proxy_default, domain;
+type liboemservice_proxy_default_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(liboemservice_proxy_default)
+
+# Allow proxy to register as android service.
+binder_use(liboemservice_proxy_default);
+add_service(liboemservice_proxy_default, liboemservice_proxy_service);
+
+get_prop(liboemservice_proxy_default, hwservicemanager_prop)
+binder_call(liboemservice_proxy_default, hwservicemanager)
+binder_call(liboemservice_proxy_default, dmd)
+allow liboemservice_proxy_default hal_vendor_oem_hwservice:hwservice_manager find;
+allow liboemservice_proxy_default radio_vendor_data_file:dir create_dir_perms;
+allow liboemservice_proxy_default radio_vendor_data_file:file create_file_perms;
+
+# Grant to access serial device for external logging tool
+allow liboemservice_proxy_default serial_device:chr_file rw_file_perms;
+
+# Grant to access radio device
+allow liboemservice_proxy_default radio_device:chr_file rw_file_perms;
+
+# Grant to access slog dir/file
+allow liboemservice_proxy_default vendor_slog_file:dir create_dir_perms;
+allow liboemservice_proxy_default vendor_slog_file:file create_file_perms;
+
+# Grant to access tcp socket
+allow liboemservice_proxy_default node:tcp_socket node_bind;
+allow liboemservice_proxy_default self:tcp_socket { create_socket_perms_no_ioctl listen accept bind };
+
+# Grant to access log related properties
+set_prop(liboemservice_proxy_default, vendor_diag_prop)
+set_prop(liboemservice_proxy_default, vendor_slog_prop)
+set_prop(liboemservice_proxy_default, vendor_modem_prop)
+get_prop(liboemservice_proxy_default, vendor_persist_config_default_prop)
diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te
index b21b792..aaf2aab 100644
--- a/radio/modem_diagnostic_app.te
+++ b/radio/modem_diagnostic_app.te
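Review bot: In radio/liboemservice_proxy.te the `serial_device`, `radio_device` and listening `tcp_socket` grants are unconditional, while the only app client this patch adds (radio/modem_diagnostic_app.te) is gated by `userdebug_or_eng`. If the serial port and the TCP listener exist only for the external logging tool, those allows belong inside a `userdebug_or_eng` block as well, so user builds do not ship a domain that can accept TCP connections and read/write the modem device; whether dmd needs them on user builds is not visible from this patch. The comment `# Grant to access tcp socket` should name the peer and endpoint, along the lines of `# TCP listener used by <client>; bound to <address:port>`. Separately, `binder_use(...);` and `add_service(...);` carry a trailing semicolon that the other macro calls in the file do not, and `bind` is already part of `create_socket_perms_no_ioctl` in AOSP's global_macros, so it can be dropped from the set.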
@@ -39,4 +39,9 @@ userdebug_or_eng(` allow modem_diagnostic_app sysfs_batteryinfo:dir search; dontaudit modem_diagnostic_app default_prop:file r_file_perms; + + # Modem Log Mask Library Permissions + allow modem_diagnostic_app liboemservice_proxy_service:service_manager find; + binder_use(modem_diagnostic_app) + binder_call(modem_diagnostic_app, liboemservice_proxy_default) ') diff --git a/radio/service.te b/radio/service.te new file mode 100644 index 0000000..349e658 --- /dev/null +++ b/radio/service.te @@ -0,0 +1,2 @@ +# Define liboemservice_proxy_service. +type liboemservice_proxy_service, hal_service_type, service_manager_type; \ No newline at end of file diff --git a/radio/service_contexts b/radio/service_contexts new file mode 100644 index 0000000..d463150 --- /dev/null +++ b/radio/service_contexts @@ -0,0 +1,2 @@ +# DMD oemservice aidl proxy. +com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy_service:s0 \ No newline at end of file
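Review bot: radio/service.te ends without a trailing newline (the `\ No newline at end of file` marker after the `type liboemservice_proxy_service, ...;` line), and radio/service_contexts has the same problem after its single mapping. Policy and context sources are concatenated with other files before they are compiled, so a missing final newline leaves the result dependent on the build inserting a separator between files. End both files with a newline.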