Original change: https://googleplex-android-review.googlesource.com/c/device/google/zumapro-sepolicy/+/27176301 Change-Id: Id7b52b03bb7e09b91e73cfe3167cb87041618254 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
50 lines
1.8 KiB
Text
50 lines
1.8 KiB
Text
type modem_svc_sit, domain;
|
|
type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
|
|
init_daemon_domain(modem_svc_sit)
|
|
|
|
hwbinder_use(modem_svc_sit)
|
|
binder_call(modem_svc_sit, rild)
|
|
|
|
# Grant sysfs_modem access
|
|
allow modem_svc_sit sysfs_modem:file rw_file_perms;
|
|
|
|
# Grant radio device access
|
|
allow modem_svc_sit radio_device:chr_file rw_file_perms;
|
|
|
|
# Grant vendor radio and modem file/dir creation permission
|
|
allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms;
|
|
allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
|
|
allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
|
|
allow modem_svc_sit modem_stat_data_file:file create_file_perms;
|
|
|
|
allow modem_svc_sit vendor_fw_file:dir search;
|
|
allow modem_svc_sit vendor_fw_file:file r_file_perms;
|
|
|
|
allow modem_svc_sit mnt_vendor_file:dir r_dir_perms;
|
|
allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
|
|
allow modem_svc_sit modem_userdata_file:file create_file_perms;
|
|
|
|
# RIL property
|
|
get_prop(modem_svc_sit, vendor_rild_prop)
|
|
|
|
# Modem property
|
|
set_prop(modem_svc_sit, vendor_modem_prop)
|
|
|
|
# logging property
|
|
get_prop(modem_svc_sit, vendor_logger_prop)
|
|
|
|
# hwservice permission
|
|
allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find;
|
|
get_prop(modem_svc_sit, hwservicemanager_prop)
|
|
|
|
# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal.
|
|
hal_server_domain(modem_svc_sit, hal_shared_modem_platform)
|
|
|
|
# Write trace data to the Perfetto traced daemon. This requires connecting to
|
|
# its producer socket and obtaining a (per-process) tmpfs fd.
|
|
perfetto_producer(modem_svc_sit)
|
|
|
|
# Allow modem_svc_sit to access modem image file/dir
|
|
allow modem_svc_sit modem_img_file:dir r_dir_perms;
|
|
allow modem_svc_sit modem_img_file:file r_file_perms;
|
|
allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
|