sepolicy: Separate system partition sepolicy and hal macros from vendor partition

Test: VoLTE, VT & VoWiFi on Vzw and T-Mobile SIM cards Bug: 62574674 Change-Id: Icf764bf353bbdfb7831f5ea8528414a271525c63
2026-01-28 13:18:23 +00:00 · 2017-06-21 16:05:39 -07:00
parent 555d3c7910
commit 28511cb3df
11 changed files with 30 additions and 25 deletions
--- a/sepolicy/private/dataservice_app.te
+++ b/sepolicy/private/dataservice_app.te
@@ -0,0 +1,21 @@
+typeattribute dataservice_app coredomain;
+app_domain(dataservice_app)
+net_domain(dataservice_app)
+
+add_service(dataservice_app, cne_service)
+add_service(dataservice_app, uce_service)
+allow dataservice_app {
+  app_api_service
+  system_api_service
+  audioserver_service
+  radio_service
+}:service_manager find;
+
+allow dataservice_app hal_imsrcsd_hwservice:hwservice_manager find;
+allow dataservice_app hal_cne_hwservice:hwservice_manager find;
+
+allow dataservice_app system_app_data_file:dir create_dir_perms;
+allow dataservice_app system_app_data_file:{ file lnk_file } create_file_perms;
+
+hwbinder_use(dataservice_app)
+
--- a/sepolicy/private/radio.te
+++ b/sepolicy/private/radio.te
@@ -0,0 +1 @@
+allow radio uce_service:service_manager find;
--- a/sepolicy/private/service.te
+++ b/sepolicy/private/service.te
@@ -0,0 +1,2 @@
+type cne_service,                 service_manager_type;
+type uce_service,                 service_manager_type;
--- a/sepolicy/private/service_contexts
+++ b/sepolicy/private/service_contexts
@@ -1 +1,3 @@
 qti.ims.ext                                          u:object_r:radio_service:s0
+cneservice                                           u:object_r:cne_service:s0
+uce                                                  u:object_r:uce_service:s0
--- a/sepolicy/public/dataservice_app.te
+++ b/sepolicy/public/dataservice_app.te
@@ -0,0 +1 @@
+type dataservice_app, domain;
--- a/sepolicy/public/hwservice.te
+++ b/sepolicy/public/hwservice.te
@@ -0,0 +1,2 @@
+type hal_cne_hwservice, hwservice_manager_type;
+type hal_imsrcsd_hwservice, hwservice_manager_type;
--- a/sepolicy/vendor/dataservice_app.te
+++ b/sepolicy/vendor/dataservice_app.te
@@ -1,25 +1,8 @@
-#TODO Move this to sepolicy/private/dataservice_app.te (b/62574674)
-type dataservice_app, domain, coredomain;
-app_domain(dataservice_app)
-net_domain(dataservice_app)
-
 get_prop(dataservice_app, cnd_prop)
-add_service(dataservice_app, cne_service)
-add_service(dataservice_app, uce_service)
-allow dataservice_app { app_api_service system_api_service audioserver_service radio_service } :service_manager find;

 r_dir_file(dataservice_app, sysfs_msm_subsys)
-#TODO Move this to sepolicy/private/dataservice_app.te (b/62574674)
-allow dataservice_app hal_imsrcsd_hwservice:hwservice_manager find;

-#TODO remove the following 2 if dataservice is moved out of system as part of b/38043081
-allow dataservice_app system_app_data_file:dir create_dir_perms;
-allow dataservice_app system_app_data_file:{ file lnk_file } create_file_perms;
-
-#TODO Move this to sepolicy/private/dataservice_app.te (b/62574674)
-allow dataservice_app hal_cne_hwservice:hwservice_manager find;
 binder_call(dataservice_app, cnd)
-hwbinder_use(dataservice_app)

 # imsrcsd to bind with UceShimService.apk
 binder_call(dataservice_app, hal_rcsservice)
--- a/sepolicy/vendor/hwservice.te
+++ b/sepolicy/vendor/hwservice.te
@@ -1,6 +1,4 @@
 type vnd_ims_radio_hwservice, hwservice_manager_type;
 type vnd_qcrilhook_hwservice, hwservice_manager_type;
 type hal_imsrtp_hwservice, hwservice_manager_type;
-#TODO Move the following 2 types public SE policy (b/62574674)
-type hal_cne_hwservice, hwservice_manager_type;
-type hal_imsrcsd_hwservice, hwservice_manager_type;
+type hal_ipacm_hwservice, hwservice_manager_type;
--- a/sepolicy/vendor/radio.te
+++ b/sepolicy/vendor/radio.te
@@ -15,7 +15,6 @@ allow radio hal_imsrtp_hwservice:hwservice_manager find;

 add_service(radio, radio_service)
 allow radio {
-  uce_service
  mediaextractor_service
  mediacodec_service
 }:service_manager find;
--- a/sepolicy/vendor/service.te
+++ b/sepolicy/vendor/service.te
@@ -1,3 +1 @@
-type cne_service,                 service_manager_type;
-type uce_service,                 service_manager_type;
 type imsuce_service,              service_manager_type;
--- a/sepolicy/vendor/service_contexts
+++ b/sepolicy/vendor/service_contexts
@@ -1,5 +1,3 @@
 rcs                                                  u:object_r:radio_service:s0
-cneservice                                           u:object_r:cne_service:s0
 com.fingerprints.extension.IFingerprintNavigation    u:object_r:fingerprint_service:s0
-uce                                                  u:object_r:uce_service:s0
 com.qualcomm.qti.uceservice                          u:object_r:imsuce_service:s0
				`@@ -0,0 +1 @@`
				`allow radio uce_service:service_manager find;`