Bug: 357139752 09-12 14:58:18.412 21402 21402 W shared_modem_pl: type=1400 audit(0.0:445): avc: denied { write } for name="modem_svc_socket" dev="dm-53" ino=55074 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=0 Flag: EXEMPT sepolicy change only Change-Id: I0f465e6a3039cc9781142c2b0f3fc433eaa1c9dc
# Selinux rule for modem_svc_sit daemon
|
|
type modem_svc_sit, domain;
|
|
type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
|
|
init_daemon_domain(modem_svc_sit)
|
|
|
|
hwbinder_use(modem_svc_sit)
|
|
binder_call(modem_svc_sit, rild)
|
|
|
|
# Grant sysfs_modem access
|
|
allow modem_svc_sit sysfs_modem:file rw_file_perms;
|
|
|
|
# Grant radio device access
|
|
allow modem_svc_sit radio_device:chr_file rw_file_perms;
|
|
|
|
# Grant vendor radio and modem file/dir creation permission
|
|
allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms;
|
|
allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
|
|
allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
|
|
allow modem_svc_sit modem_stat_data_file:file create_file_perms;
|
|
|
|
allow modem_svc_sit vendor_fw_file:dir search;
|
|
allow modem_svc_sit vendor_fw_file:file r_file_perms;
|
|
|
|
allow modem_svc_sit mnt_vendor_file:dir r_dir_perms;
|
|
allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
|
|
allow modem_svc_sit modem_userdata_file:file create_file_perms;
|
|
|
|
# RIL property
|
|
get_prop(modem_svc_sit, vendor_rild_prop)
|
|
|
|
# Modem property
|
|
set_prop(modem_svc_sit, vendor_modem_prop)
|
|
|
|
# logging property
|
|
get_prop(modem_svc_sit, vendor_logger_prop)
|
|
|
|
# hwservice permission
|
|
allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find;
|
|
get_prop(modem_svc_sit, hwservicemanager_prop)
|
|
|
|
# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal.
|
|
hal_server_domain(modem_svc_sit, hal_shared_modem_platform)
|
|
|
|
# Write trace data to the Perfetto traced daemon. This requires connecting to
|
|
# its producer socket and obtaining a (per-process) tmpfs fd.
|
|
perfetto_producer(modem_svc_sit)
|
|
|
|
# Allow modem_svc_sit to access modem image file/dir
|
|
allow modem_svc_sit modem_img_file:dir r_dir_perms;
|
|
allow modem_svc_sit modem_img_file:file r_file_perms;
|
|
allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
|
|
|
|
# Allow modem_svc_sit to access socket for UMI
|
|
userdebug_or_eng(`
|
|
allow modem_svc_sit radio_vendor_data_file:sock_file { create write unlink };
|
|
')
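Review bot: The allow line inside the userdebug_or_eng block grants `create write unlink` on radio_vendor_data_file:sock_file, while the denial quoted in the commit message shows only `write`, and the comment above it does not say whether modem_svc_sit owns the UMI socket or only connects to it. If the daemon is only a client, `allow modem_svc_sit radio_vendor_data_file:sock_file write;` is the least-privilege form; if it creates the socket, the comment should say so, because `unlink` on this type lets the daemon remove any socket file labelled radio_vendor_data_file, not just its own. Note also that sock_file write covers only the filesystem node — connecting to a socket served by another domain additionally needs `unix_stream_socket connectto` (or `unix_dgram_socket sendto`) against that domain, so a follow-up denial is possible if the peer is not in modem_svc_sit. Finally, the userdebug_or_eng guard means the quoted denial will still occur on user builds; a comment such as `# UMI is a debug-only interface; user builds are expected to deny this` would record that this is intentional rather than an oversight.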
|
|
|