diff options
| author | Alex Hong <rurumihong@google.com> | 2021-04-28 17:26:27 +0800 |
|---|---|---|
| committer | ChihYao Chien <ccchien@google.com> | 2021-05-13 02:27:28 +0000 |
| commit | d06ed62998849680246f5c39b60e9003499c3d23 (patch) | |
| tree | 2e21923c19ca57915c71a60754965bddee6d548b | |
| parent | 84283a8ffe44f42e0005b853e291479b1c9674fb (diff) | |
| download | redbull-sepolicy-d06ed62998849680246f5c39b60e9003499c3d23.tar.gz | |
Allow hal_rcsservice and qtelephony to get HAL services
"vendor.qti.hardware.radio.ims.IImsRadio/default" is not currently used.
Label it and grant the permission first for the future AU integrations.
The following denials are from the AU108 drop.
avc: denied { find } for interface=android.hidl.manager::IServiceManager sid=u:r:hal_rcsservice:s0 pid=1262 scontext=u:r:hal_rcsservice:s0 tcontext=u:object_r:hidl_manager_hwservice:s0 tclass=hwservice_manager permissive=0
avc: denied { find } for pid=2718 uid=10252 name=vendor.qti.hardware.radio.ims.IImsRadio/default scontext=u:r:qtelephony:s0:c252,c256,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0
Test: $ make selinux_policy
Push SELinux modules into the device, check the denials during boot.
Bug: 185954927
Change-Id: I75d2c4c990ebd0a55f2dc641de6b8c62be01e655
| -rw-r--r-- | vendor/qcom/common/hal_rcsservice.te | 2 | ||||
| -rw-r--r-- | vendor/qcom/common/qtelephony.te | 1 | ||||
| -rw-r--r-- | vendor/qcom/common/service.te | 1 | ||||
| -rw-r--r-- | vendor/qcom/common/service_contexts | 1 |
4 files changed, 5 insertions, 0 deletions
diff --git a/vendor/qcom/common/hal_rcsservice.te b/vendor/qcom/common/hal_rcsservice.te index ff3038b..c825745 100644 --- a/vendor/qcom/common/hal_rcsservice.te +++ b/vendor/qcom/common/hal_rcsservice.te @@ -7,6 +7,8 @@ net_domain(hal_rcsservice) # To register imsrcsd to hwBinder hwbinder_use(hal_rcsservice) +allow hal_rcsservice hidl_manager_hwservice:hwservice_manager find; + # add IUceSerive and IService to Hidl interface add_hwservice(hal_rcsservice, hal_imsrcsd_hwservice) add_hwservice(hal_rcsservice, hal_imscallinfo_hwservice) diff --git a/vendor/qcom/common/qtelephony.te b/vendor/qcom/common/qtelephony.te index a1cad86..c93440a 100644 --- a/vendor/qcom/common/qtelephony.te +++ b/vendor/qcom/common/qtelephony.te @@ -6,6 +6,7 @@ add_hwservice(qtelephony, vnd_atcmdfwd_hwservice) allow qtelephony app_api_service:service_manager find; allow qtelephony hal_imsrtp_hwservice:hwservice_manager find; +allow qtelephony hal_telephony_service:service_manager find; allow qtelephony radio_service:service_manager find; allow qtelephony sysfs_diag:dir search; allow qtelephony sysfs_timestamp_switch:file r_file_perms; diff --git a/vendor/qcom/common/service.te b/vendor/qcom/common/service.te index e69de29..f104da7 100644 --- a/vendor/qcom/common/service.te +++ b/vendor/qcom/common/service.te @@ -0,0 +1 @@ +type hal_telephony_service, service_manager_type, vendor_service; diff --git a/vendor/qcom/common/service_contexts b/vendor/qcom/common/service_contexts new file mode 100644 index 0000000..405f768 --- /dev/null +++ b/vendor/qcom/common/service_contexts @@ -0,0 +1 @@ +vendor.qti.hardware.radio.ims.IImsRadio/default u:object_r:hal_telephony_service:s0 |