sepolicy: declare hal_vendor_radio_external_service

Enable AIDL for V requirement AVC log in b/281968564#comment208 and go/v-ril-hal-migration Bug: 281968564 Test: telephony function test Flag: EXEMPT HAL interface change Change-Id: Id523192adf8ab2d60f1778b97274f5357d06707c Signed-off-by: Sungwoo choi <sungwoo48.choi@samsung.com>
2024-04-24 15:16:21 +09:00 · 2024-04-24 15:16:21 +09:00 · 8dd51f11ad
commit 8dd51f11ad
parent d44695709c
11 changed files with 24 additions and 3 deletions
--- a/legacy/zuma/vendor/hal_secure_element_uicc.te
+++ b/legacy/zuma/vendor/hal_secure_element_uicc.te
@ -10,3 +10,5 @@ crash_dump_fallback(hal_secure_element_uicc)
 # Allow hal_secure_element_uicc to access rild
 binder_call(hal_secure_element_uicc, rild);
 allow hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager find;
+allow hal_secure_element_uicc hal_vendor_radio_external_service:service_manager find;
+binder_call(hal_secure_element_uicc, servicemanager)
--- a/radio/bipchmgr.te
+++ b/radio/bipchmgr.te
@ -7,3 +7,5 @@ get_prop(bipchmgr, hwservicemanager_prop);
 allow bipchmgr hal_exynos_rild_hwservice:hwservice_manager find;
 hwbinder_use(bipchmgr)
 binder_call(bipchmgr, rild)
+allow bipchmgr hal_vendor_radio_external_service:service_manager find;
+binder_call(bipchmgr, servicemanager)
--- a/radio/oemrilservice_app.te
+++ b/radio/oemrilservice_app.te
@ -7,3 +7,6 @@ allow oemrilservice_app radio_service:service_manager find;

 binder_call(oemrilservice_app, rild)
 set_prop(oemrilservice_app, vendor_rild_prop)
+
+allow oemrilservice_app hal_vendor_radio_external_service:service_manager find;
+binder_call(oemrilservice_app, servicemanager)
--- a/radio/radio.te
+++ b/radio/radio.te
@ -7,3 +7,5 @@ allow radio radio_vendor_data_file:file create_file_perms;
 allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown };
 allow radio aoc_device:chr_file rw_file_perms;
 allow radio scheduling_policy_service:service_manager find;
+allow radio hal_vendor_radio_external_service:service_manager find;
+binder_call(radio, servicemanager)
--- a/radio/rild.te
+++ b/radio/rild.te
@ -37,6 +37,7 @@ crash_dump_fallback(rild)

 # for hal service
 add_hwservice(rild, hal_exynos_rild_hwservice)
+add_service(rild, hal_vendor_radio_external_service)

 # Allow rild to access files on modem img.
 allow rild modem_img_file:dir r_dir_perms;
--- a/radio/service.te
+++ b/radio/service.te
@ -1,2 +1,3 @@
 # Define liboemservice_proxy_service.
-type liboemservice_proxy_service, hal_service_type, service_manager_type;
+type liboemservice_proxy_service, hal_service_type, service_manager_type;
+type hal_vendor_radio_external_service, hal_service_type, protected_service, service_manager_type;
--- a/radio/service_contexts
+++ b/radio/service_contexts
@ -1,2 +1,3 @@
 # DMD oemservice aidl proxy.
-com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy_service:s0
+com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy_service:s0
+vendor.samsung_slsi.telephony.hardware.radioExternal.IOemSlsiRadioExternal/default      u:object_r:hal_vendor_radio_external_service:s0
--- a/radio/vendor_engineermode_app.te
+++ b/radio/vendor_engineermode_app.te
@ -5,6 +5,8 @@ binder_call(vendor_engineermode_app, rild)

 allow vendor_engineermode_app app_api_service:service_manager find;
 allow vendor_engineermode_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow vendor_engineermode_app hal_vendor_radio_external_service:service_manager find;
+binder_call(vendor_engineermode_app, servicemanager)

 userdebug_or_eng(`
  dontaudit vendor_engineermode_app default_prop:file r_file_perms;
--- a/radio/vendor_ims_app.te
+++ b/radio/vendor_ims_app.te
@ -21,3 +21,5 @@ get_prop(vendor_ims_app, vendor_imssvc_prop)
 userdebug_or_eng(`
  get_prop(vendor_ims_app, vendor_ims_tiss_prop)
 ')
+allow vendor_ims_app hal_vendor_radio_external_service:service_manager find;
+binder_call(vendor_ims_app, servicemanager)
--- a/radio/vendor_satellite_service.te
+++ b/radio/vendor_satellite_service.te
@ -3,4 +3,6 @@ type vendor_satellite_service, domain;
 app_domain(vendor_satellite_service);
 allow vendor_satellite_service app_api_service:service_manager find;
 allow vendor_satellite_service hal_exynos_rild_hwservice:hwservice_manager find;
-binder_call(vendor_satellite_service, rild)
+binder_call(vendor_satellite_service, rild)
+allow vendor_satellite_service hal_vendor_radio_external_service:service_manager find;
+binder_call(vendor_satellite_service, servicemanager)
--- a/radio/vendor_telephony_debug_app.te
+++ b/radio/vendor_telephony_debug_app.te
@ -9,6 +9,9 @@ binder_call(vendor_telephony_debug_app, rild)
 # RIL property
 set_prop(vendor_telephony_debug_app, vendor_rild_prop)

+allow vendor_telephony_debug_app hal_vendor_radio_external_service:service_manager find;
+binder_call(vendor_telephony_debug_app, servicemanager)
+
 # Debug property
 set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop)