Evolution-x-devices/device_google_gs201
2
0
Fork 0
mirror of https://github.com/Evolution-X-Devices/device_google_gs201 synced 2026-01-27 14:29:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cade9a597f7407b07ff435de89940e47ab86ab51
device_google_gs201/whitechapel_pro/modem_svc_sit.te
Xiaofan Jiang b958dd13ad gs201: update shared_modem_platform sepolicy for UMI 
Bug: 357139752

Flag: EXEMPT sepolicy

[   68.189198] type=1400 audit(1722986580.568:59): avc:  denied  { unlink } for  comm="binder:892_2" name="modem_svc_socket" dev="dm-52" ino=20239 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1
[   68.189448] type=1400 audit(1722986580.568:60): avc:  denied  { create } for  comm="binder:892_2" name="modem_svc_socket" scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1

Change-Id: I0bbef83a3915e4c0e284296bc5b59e0ce6cf6f15
2024-08-15 04:01:03 +00:00

57 lines
1.9 KiB
Plaintext
Raw Blame History

type modem_svc_sit, domain;
type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
init_daemon_domain(modem_svc_sit)
hwbinder_use(modem_svc_sit)
binder_call(modem_svc_sit, rild)
# Grant sysfs modem access
allow modem_svc_sit sysfs_modem:file rw_file_perms;
# Grant radio device access
allow modem_svc_sit radio_device:chr_file rw_file_perms;
# Grant vendor radio and modem file/dir creation permission
allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms;
allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
allow modem_svc_sit modem_stat_data_file:file create_file_perms;
allow modem_svc_sit vendor_fw_file:dir search;
allow modem_svc_sit vendor_fw_file:file r_file_perms;
allow modem_svc_sit mnt_vendor_file:dir r_dir_perms;
allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
allow modem_svc_sit modem_userdata_file:file create_file_perms;
# RIL property
get_prop(modem_svc_sit, vendor_rild_prop)
# Modem property
set_prop(modem_svc_sit, vendor_modem_prop)
# hwservice permission
allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find;
get_prop(modem_svc_sit, hwservicemanager_prop)
# logging property
get_prop(modem_svc_sit, vendor_logger_prop)
userdebug_or_eng(`
allow modem_svc_sit radio_test_device:chr_file rw_file_perms;
')
# Write trace data to the Perfetto traced daemon. This requires connecting to
# its producer socket and obtaining a (per-process) tmpfs fd.
perfetto_producer(modem_svc_sit)
# Allow modem_svc_sit to access modem image file/dir
allow modem_svc_sit modem_img_file:dir r_dir_perms;
allow modem_svc_sit modem_img_file:file r_file_perms;
allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
# Allow modem_svc_sit to access socket for UMI
userdebug_or_eng(`
allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink };
')
Reference in New Issue View Git Blame Copy Permalink