From 5a7d99b4a3d2df87e1002bb8aaaac3603431d7e1 Mon Sep 17 00:00:00 2001 From: Sungwoo choi Date: Fri, 10 Nov 2023 12:22:04 +0900 Subject: [PATCH] sepolicy: sepolicy for dmd/sced AIDL HAL service declare a type of service hal_vendor_modem_logging_service : for modem logging hal_vendor_tcpdump_service : for tcpdump Enable AIDL for V requirement AVC log in b/281968564#comment208 and go/v-ril-hal-migration Bug: 281968564 Test: telephony function test Flag: EXEMPT HAL interface change Change-Id: I24374cdecd7c811ac80bb1b2670168c9cc15be31 Signed-off-by: Sungwoo choi --- radio/dmd.te | 3 ++- radio/sced.te | 2 ++ radio/service.te | 5 ++++- radio/service_contexts | 5 ++++- radio/vendor_telephony_silentlogging_app.te | 2 ++ 5 files changed, 14 insertions(+), 3 deletions(-) diff --git a/radio/dmd.te b/radio/dmd.te index be820be..7ba947d 100644 --- a/radio/dmd.te +++ b/radio/dmd.te @@ -30,4 +30,5 @@ binder_call(dmd, hwservicemanager) binder_call(dmd, modem_diagnostic_app) binder_call(dmd, modem_logging_control) binder_call(dmd, vendor_telephony_silentlogging_app) -binder_call(dmd, liboemservice_proxy_default) +add_service(dmd, hal_vendor_modem_logging_service) +binder_call(dmd, servicemanager) diff --git a/radio/sced.te b/radio/sced.te index 2b08973..b8246f3 100644 --- a/radio/sced.te +++ b/radio/sced.te @@ -20,4 +20,6 @@ userdebug_or_eng(` allow sced vendor_slog_file:file create_file_perms; allow sced hidl_base_hwservice:hwservice_manager add; allow sced hal_vendor_oem_hwservice:hwservice_manager { add find }; + add_service(sced, hal_vendor_tcpdump_service) + binder_call(sced, servicemanager) ') diff --git a/radio/service.te b/radio/service.te index 112bc09..0db5b6e 100644 --- a/radio/service.te +++ b/radio/service.te @@ -1,3 +1,6 @@ # Define liboemservice_proxy_service. type liboemservice_proxy_service, hal_service_type, service_manager_type; -type hal_vendor_radio_external_service, hal_service_type, protected_service, service_manager_type; \ No newline at end of file +type hal_vendor_radio_external_service, hal_service_type, protected_service, service_manager_type; + +type hal_vendor_modem_logging_service, hal_service_type, protected_service, service_manager_type; +type hal_vendor_tcpdump_service, hal_service_type, protected_service, service_manager_type; diff --git a/radio/service_contexts b/radio/service_contexts index 162dd29..03cffd0 100644 --- a/radio/service_contexts +++ b/radio/service_contexts @@ -1,3 +1,6 @@ # DMD oemservice aidl proxy. com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy_service:s0 -vendor.samsung_slsi.telephony.hardware.radioExternal.IOemSlsiRadioExternal/default u:object_r:hal_vendor_radio_external_service:s0 \ No newline at end of file +vendor.samsung_slsi.telephony.hardware.radioExternal.IOemSlsiRadioExternal/default u:object_r:hal_vendor_radio_external_service:s0 +vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/dm0 u:object_r:hal_vendor_modem_logging_service:s0 +vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/dm1 u:object_r:hal_vendor_modem_logging_service:s0 +vendor.samsung_slsi.telephony.hardware.oemservice.IOemService/sced0 u:object_r:hal_vendor_tcpdump_service:s0 diff --git a/radio/vendor_telephony_silentlogging_app.te b/radio/vendor_telephony_silentlogging_app.te index 583f408..1de0ea7 100644 --- a/radio/vendor_telephony_silentlogging_app.te +++ b/radio/vendor_telephony_silentlogging_app.te @@ -11,6 +11,8 @@ allow vendor_telephony_silentlogging_app app_api_service:service_manager find; allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find; binder_call(vendor_telephony_silentlogging_app, dmd) binder_call(vendor_telephony_silentlogging_app, sced) +allow vendor_telephony_silentlogging_app hal_vendor_modem_logging_service:service_manager find; +binder_call(vendor_telephony_silentlogging_app, servicemanager) userdebug_or_eng(` # Silent Logging