From 8dd51f11adcddd1c6b3b5b4d2de8a8821db2f925 Mon Sep 17 00:00:00 2001 From: Sungwoo choi Date: Wed, 24 Apr 2024 15:16:21 +0900 Subject: [PATCH] sepolicy: declare hal_vendor_radio_external_service Enable AIDL for V requirement AVC log in b/281968564#comment208 and go/v-ril-hal-migration Bug: 281968564 Test: telephony function test Flag: EXEMPT HAL interface change Change-Id: Id523192adf8ab2d60f1778b97274f5357d06707c Signed-off-by: Sungwoo choi --- legacy/zuma/vendor/hal_secure_element_uicc.te | 2 ++ radio/bipchmgr.te | 2 ++ radio/oemrilservice_app.te | 3 +++ radio/radio.te | 2 ++ radio/rild.te | 1 + radio/service.te | 3 ++- radio/service_contexts | 3 ++- radio/vendor_engineermode_app.te | 2 ++ radio/vendor_ims_app.te | 2 ++ radio/vendor_satellite_service.te | 4 +++- radio/vendor_telephony_debug_app.te | 3 +++ 11 files changed, 24 insertions(+), 3 deletions(-) diff --git a/legacy/zuma/vendor/hal_secure_element_uicc.te b/legacy/zuma/vendor/hal_secure_element_uicc.te index 8cd1cb3..96cbf18 100644 --- a/legacy/zuma/vendor/hal_secure_element_uicc.te +++ b/legacy/zuma/vendor/hal_secure_element_uicc.te @@ -10,3 +10,5 @@ crash_dump_fallback(hal_secure_element_uicc) # Allow hal_secure_element_uicc to access rild binder_call(hal_secure_element_uicc, rild); allow hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager find; +allow hal_secure_element_uicc hal_vendor_radio_external_service:service_manager find; +binder_call(hal_secure_element_uicc, servicemanager) diff --git a/radio/bipchmgr.te b/radio/bipchmgr.te index 9298e32..3e07f0f 100644 --- a/radio/bipchmgr.te +++ b/radio/bipchmgr.te @@ -7,3 +7,5 @@ get_prop(bipchmgr, hwservicemanager_prop); allow bipchmgr hal_exynos_rild_hwservice:hwservice_manager find; hwbinder_use(bipchmgr) binder_call(bipchmgr, rild) +allow bipchmgr hal_vendor_radio_external_service:service_manager find; +binder_call(bipchmgr, servicemanager) 
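Review bot: `binder_call(hal_secure_element_uicc, servicemanager)` in legacy/zuma/vendor/hal_secure_element_uicc.te is an unusual way to give a domain service-manager access; the conventional form is `binder_use(hal_secure_element_uicc)`, which states the intent directly. The same two-line pair is repeated in radio/bipchmgr.te, oemrilservice_app.te, radio.te, vendor_engineermode_app.te, vendor_ims_app.te, vendor_satellite_service.te and vendor_telephony_debug_app.te. bipchmgr.te already has `hwbinder_use(bipchmgr)` for the HIDL side, so `binder_use(bipchmgr)` would be the matching form there. For the domains that are app domains the extra rule may already be covered by the base app policy, so it is worth checking each one against the AVC log rather than adding it everywhere. Whichever macro is kept, a short comment above each pair, such as `# AIDL radioExternal HAL lookup`, would explain why the HIDL and AIDL grants sit side by side.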
diff --git a/radio/oemrilservice_app.te b/radio/oemrilservice_app.te index b055dbe..f52e433 100644 --- a/radio/oemrilservice_app.te +++ b/radio/oemrilservice_app.te @@ -7,3 +7,6 @@ allow oemrilservice_app radio_service:service_manager find; binder_call(oemrilservice_app, rild) set_prop(oemrilservice_app, vendor_rild_prop) + +allow oemrilservice_app hal_vendor_radio_external_service:service_manager find; +binder_call(oemrilservice_app, servicemanager) diff --git a/radio/radio.te b/radio/radio.te index 721e018..d50a5e8 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -7,3 +7,5 @@ allow radio radio_vendor_data_file:file create_file_perms; allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; allow radio aoc_device:chr_file rw_file_perms; allow radio scheduling_policy_service:service_manager find; +allow radio hal_vendor_radio_external_service:service_manager find; +binder_call(radio, servicemanager) diff --git a/radio/rild.te b/radio/rild.te index 535a6b4..80582d9 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -37,6 +37,7 @@ crash_dump_fallback(rild) # for hal service add_hwservice(rild, hal_exynos_rild_hwservice) +add_service(rild, hal_vendor_radio_external_service) # Allow rild to access files on modem img. allow rild modem_img_file:dir r_dir_perms; diff --git a/radio/service.te b/radio/service.te index 349e658..112bc09 100644 --- a/radio/service.te +++ b/radio/service.te @@ -1,2 +1,3 @@ # Define liboemservice_proxy_service. -type liboemservice_proxy_service, hal_service_type, service_manager_type; \ No newline at end of file +type liboemservice_proxy_service, hal_service_type, service_manager_type; +type hal_vendor_radio_external_service, hal_service_type, protected_service, service_manager_type; \ No newline at end of file diff --git a/radio/service_contexts b/radio/service_contexts index d463150..162dd29 100644 --- a/radio/service_contexts +++ b/radio/service_contexts 
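Review bot: In radio/rild.te the new `add_service(rild, hal_vendor_radio_external_service)` sits beside `add_hwservice(rild, hal_exynos_rild_hwservice)`, so rild may now publish both the HIDL and the AIDL interface, and every client touched by this patch keeps its `hwservice_manager find` grant as well. If that overlap is only meant to last for the migration, record it next to the rule, for example `# TODO(b/281968564): remove the hwservice rules once all clients use the AIDL HAL`, so the older interface is not left reachable indefinitely. rild.te continues outside the hunk, so whether rild already has the servicemanager access it needs to register cannot be confirmed from here.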
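Review bot: The new `hal_vendor_radio_external_service` type in radio/service.te is declared directly under the comment `# Define liboemservice_proxy_service.`, which describes only the first of the two types. Give it its own line, e.g. `# AIDL vendor radio external HAL, registered by rild; protected_service keeps it away from untrusted apps.`, so the reason for the extra attribute, which the sibling type does not carry, is recorded. The new entry in radio/service_contexts has the same gap: it sits under `# DMD oemservice aidl proxy.`. Both files, and radio/vendor_satellite_service.te, still end with `\ No newline at end of file` after being edited; a terminating newline would stop the next append from rewriting the last line again.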
@@ -1,2 +1,3 @@ # DMD oemservice aidl proxy. -com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy_service:s0 \ No newline at end of file +com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy_service:s0 +vendor.samsung_slsi.telephony.hardware.radioExternal.IOemSlsiRadioExternal/default u:object_r:hal_vendor_radio_external_service:s0 \ No newline at end of file diff --git a/radio/vendor_engineermode_app.te b/radio/vendor_engineermode_app.te index d35403a..83baa8b 100644 --- a/radio/vendor_engineermode_app.te +++ b/radio/vendor_engineermode_app.te @@ -5,6 +5,8 @@ binder_call(vendor_engineermode_app, rild) allow vendor_engineermode_app app_api_service:service_manager find; allow vendor_engineermode_app hal_exynos_rild_hwservice:hwservice_manager find; +allow vendor_engineermode_app hal_vendor_radio_external_service:service_manager find; +binder_call(vendor_engineermode_app, servicemanager) userdebug_or_eng(` dontaudit vendor_engineermode_app default_prop:file r_file_perms; diff --git a/radio/vendor_ims_app.te b/radio/vendor_ims_app.te index b0aba05..187d369 100644 --- a/radio/vendor_ims_app.te +++ b/radio/vendor_ims_app.te @@ -21,3 +21,5 @@ get_prop(vendor_ims_app, vendor_imssvc_prop) userdebug_or_eng(` get_prop(vendor_ims_app, vendor_ims_tiss_prop) ') +allow vendor_ims_app hal_vendor_radio_external_service:service_manager find; +binder_call(vendor_ims_app, servicemanager) diff --git a/radio/vendor_satellite_service.te b/radio/vendor_satellite_service.te index f6a1fa2..392a28c 100644 --- a/radio/vendor_satellite_service.te +++ b/radio/vendor_satellite_service.te 
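Review bot: In radio/vendor_engineermode_app.te the `find` grant on `hal_vendor_radio_external_service` is added outside the `userdebug_or_eng(` block that follows it, so it applies on user builds too; radio/vendor_telephony_debug_app.te gets the same unconditional grant. This mirrors the existing `hal_exynos_rild_hwservice` rule, but the AIDL type is marked `protected_service`, which suggests access is meant to be narrowly scoped. Whether these engineering and debug apps need the radio HAL on production builds is not visible from this patch. If they do not, move the two new lines into a userdebug_or_eng block; if they do, a one-line comment stating why would help the next reviewer.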
@@ -3,4 +3,6 @@ type vendor_satellite_service, domain; app_domain(vendor_satellite_service); allow vendor_satellite_service app_api_service:service_manager find; allow vendor_satellite_service hal_exynos_rild_hwservice:hwservice_manager find; -binder_call(vendor_satellite_service, rild) \ No newline at end of file +binder_call(vendor_satellite_service, rild) +allow vendor_satellite_service hal_vendor_radio_external_service:service_manager find; +binder_call(vendor_satellite_service, servicemanager) \ No newline at end of file diff --git a/radio/vendor_telephony_debug_app.te b/radio/vendor_telephony_debug_app.te index 539fffc..3c10e0b 100644 --- a/radio/vendor_telephony_debug_app.te +++ b/radio/vendor_telephony_debug_app.te @@ -9,6 +9,9 @@ binder_call(vendor_telephony_debug_app, rild) # RIL property set_prop(vendor_telephony_debug_app, vendor_rild_prop) +allow vendor_telephony_debug_app hal_vendor_radio_external_service:service_manager find; +binder_call(vendor_telephony_debug_app, servicemanager) + # Debug property set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop)