From 785df18f1e607fc3a97855853c52de9035fb67bf Mon Sep 17 00:00:00 2001
From: mikeyuewang <mikeyuewang@google.com>
Date: Mon, 3 Jun 2024 18:54:26 +0000
Subject: [PATCH 1/2] Grant the Pixel Modem Service access to the
 SubscriptionManager.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bug: 344624813

avc denial: avc: denied { find } for pid=2372 uid=10303 name=isub scontext=u:r:pixel_modem_app:s0:c47,c257,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=0

Change-Id: I2e74ae8b364a30895e2769504efcd604f19adfa7
---
 radio/pixel_modem_app.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/radio/pixel_modem_app.te b/radio/pixel_modem_app.te
index 2fbe536..85a2628 100644
--- a/radio/pixel_modem_app.te
+++ b/radio/pixel_modem_app.te
@@ -5,6 +5,7 @@ type pixel_modem_app, domain;
 app_domain(pixel_modem_app)
 
 allow pixel_modem_app app_api_service:service_manager find;
+allow pixel_modem_app radio_service:service_manager find;
 
 # Allow the pixel_modem_app to find and call shared modem platform service.
 hal_client_domain(pixel_modem_app, hal_shared_modem_platform)

From 26efc37a3daea74dfdf6dd40a918de486887f81a Mon Sep 17 00:00:00 2001
From: Kiwon Park <kiwonp@google.com>
Date: Wed, 5 Jun 2024 14:40:00 -0700
Subject: [PATCH 2/2] Add setupwizard_feature_prop as one of properties allowed
 to be read

06-05 20:45:54.890420  root   351   351 W libc    : Unable to set property "setupwizard.feature.provisioning_profile_mode" to "true": error code: 0x18
06-05 20:45:54.894967  root   350   350 E init    : Unable to set property 'setupwizard.feature.provisioning_profile_mode' from uid:0 gid:0 pid:351: SELinux permission check failed

Test: manual
Bug: 336903409
Change-Id: I7282cfdbd621dd0e77f08c8ff7287f9693fa060a
---
 system_ext/private/gmscore_app.te    | 2 ++
 system_ext/private/priv_app.te       | 2 ++
 system_ext/private/property_contexts | 3 +++
 system_ext/public/property.te        | 3 +++
 vendor/vendor_init.te                | 2 ++
 5 files changed, 12 insertions(+)
 create mode 100644 system_ext/private/gmscore_app.te
 create mode 100644 system_ext/private/priv_app.te

diff --git a/system_ext/private/gmscore_app.te b/system_ext/private/gmscore_app.te
new file mode 100644
index 0000000..4dc1639
--- /dev/null
+++ b/system_ext/private/gmscore_app.te
@@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(gmscore_app, setupwizard_feature_prop)
diff --git a/system_ext/private/priv_app.te b/system_ext/private/priv_app.te
new file mode 100644
index 0000000..90bc371
--- /dev/null
+++ b/system_ext/private/priv_app.te
@@ -0,0 +1,2 @@
+# Allow to read setupwizard_feature_prop
+get_prop(priv_app, setupwizard_feature_prop)
diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts
index 22683bd..e7d4b3b 100644
--- a/system_ext/private/property_contexts
+++ b/system_ext/private/property_contexts
@@ -6,3 +6,6 @@ telephony.ril.ntn_demo_mode   u:object_r:telephony_ntn_demo_mode_prop:s0 exact b
 
 # HDCP setting of the display connected via USB port
 persist.sys.hdcp_checking     u:object_r:usb_control_prop:s0 exact string
+
+# setupwizard
+setupwizard.feature.provisioning_profile_mode    u:object_r:setupwizard_feature_prop:s0
diff --git a/system_ext/public/property.te b/system_ext/public/property.te
index e492369..f1b73f0 100644
--- a/system_ext/public/property.te
+++ b/system_ext/public/property.te
@@ -7,3 +7,6 @@ system_restricted_prop(telephony_ntn_demo_mode_prop)
 userdebug_or_eng(`
   set_prop(shell, telephony_ril_prop)
 ')
+
+# setupwizard
+system_public_prop(setupwizard_feature_prop)
diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te
index 7a8ec91..21d3425 100644
--- a/vendor/vendor_init.te
+++ b/vendor/vendor_init.te
@@ -8,3 +8,5 @@ userdebug_or_eng(`
     set_prop(vendor_init, vendor_imssvc_prop)
 ')
 
+# setupwizard
+set_prop(vendor_init, setupwizard_feature_prop)