From 28511cb3df9d63809be5fdf9095cce57050016dd Mon Sep 17 00:00:00 2001
From: Sunmeet Gill
Date: Wed, 21 Jun 2017 16:05:39 -0700
Subject: [PATCH] sepolicy: Separate system partition sepolicy and hal macros from vendor partition
Test: VoLTE, VT & VoWiFi on Vzw and T-Mobile SIM cards
Bug: 62574674
Change-Id: Icf764bf353bbdfb7831f5ea8528414a271525c63
---
 sepolicy/private/dataservice_app.te | 21 +++++++++++++++++++++
 sepolicy/private/radio.te | 1 +
 sepolicy/private/service.te | 2 ++
 sepolicy/private/service_contexts | 2 ++
 sepolicy/public/dataservice_app.te | 1 +
 sepolicy/public/hwservice.te | 2 ++
 sepolicy/vendor/dataservice_app.te | 17 -----------------
 sepolicy/vendor/hwservice.te | 4 +---
 sepolicy/vendor/radio.te | 1 -
 sepolicy/vendor/service.te | 2 --
 sepolicy/vendor/service_contexts | 2 --
 11 files changed, 30 insertions(+), 25 deletions(-)
 create mode 100644 sepolicy/private/dataservice_app.te
 create mode 100644 sepolicy/private/radio.te
 create mode 100644 sepolicy/private/service.te
 create mode 100644 sepolicy/public/dataservice_app.te
 create mode 100644 sepolicy/public/hwservice.te
diff --git a/sepolicy/private/dataservice_app.te b/sepolicy/private/dataservice_app.te
new file mode 100644
index 00000000..cb3d0693
--- /dev/null
+++ b/sepolicy/private/dataservice_app.te
@@ -0,0 +1,21 @@
+typeattribute dataservice_app coredomain;
+app_domain(dataservice_app)
+net_domain(dataservice_app)
+
+add_service(dataservice_app, cne_service)
+add_service(dataservice_app, uce_service)
+allow dataservice_app {
+ app_api_service
+ system_api_service
+ audioserver_service
+ radio_service
+}:service_manager find;
+
+allow dataservice_app hal_imsrcsd_hwservice:hwservice_manager find;
+allow dataservice_app hal_cne_hwservice:hwservice_manager find;
+
+allow dataservice_app system_app_data_file:dir create_dir_perms;
+allow dataservice_app system_app_data_file:{ file lnk_file } create_file_perms;
+
+hwbinder_use(dataservice_app)
+
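Review bot: The two `system_app_data_file` rules near the end of the new sepolicy/private/dataservice_app.te let a domain that also has `net_domain` create and write files under the label shared by system apps, and the move drops the comment that marked this grant as temporary. The vendor copy removed later in this patch carried `#TODO remove the following 2 if dataservice is moved out of system as part of b/38043081`; I would carry that line over directly above `allow dataservice_app system_app_data_file:dir create_dir_perms;` so the grant stays tracked. If the app only needs its own files, a dedicated data type would be tighter than sharing `system_app_data_file`, though whether that is feasible is not visible from this hunk.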
diff --git a/sepolicy/private/radio.te b/sepolicy/private/radio.te
new file mode 100644
index 00000000..9e505223
--- /dev/null
+++ b/sepolicy/private/radio.te
@@ -0,0 +1 @@
+allow radio uce_service:service_manager find;
diff --git a/sepolicy/private/service.te b/sepolicy/private/service.te
new file mode 100644
index 00000000..d6581237
--- /dev/null
+++ b/sepolicy/private/service.te
@@ -0,0 +1,2 @@
+type cne_service, service_manager_type;
+type uce_service, service_manager_type;
diff --git a/sepolicy/private/service_contexts b/sepolicy/private/service_contexts
index 5a25d1ef..3e53f9a5 100644
--- a/sepolicy/private/service_contexts
+++ b/sepolicy/private/service_contexts
@@ -1 +1,3 @@
 qti.ims.ext u:object_r:radio_service:s0
+cneservice u:object_r:cne_service:s0
+uce u:object_r:uce_service:s0
diff --git a/sepolicy/public/dataservice_app.te b/sepolicy/public/dataservice_app.te
new file mode 100644
index 00000000..8c8d82fa
--- /dev/null
+++ b/sepolicy/public/dataservice_app.te
@@ -0,0 +1 @@
+type dataservice_app, domain;
\ No newline at end of file
diff --git a/sepolicy/public/hwservice.te b/sepolicy/public/hwservice.te
new file mode 100644
index 00000000..73653011
--- /dev/null
+++ b/sepolicy/public/hwservice.te
@@ -0,0 +1,2 @@
+type hal_cne_hwservice, hwservice_manager_type;
+type hal_imsrcsd_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/dataservice_app.te b/sepolicy/vendor/dataservice_app.te
index 62156586..1cb94e3c 100644
--- a/sepolicy/vendor/dataservice_app.te
+++ b/sepolicy/vendor/dataservice_app.te
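Review bot: sepolicy/public/dataservice_app.te is added without a final newline, as the `\ No newline at end of file` marker after `type dataservice_app, domain;` shows. Policy sources are normally concatenated into one stream before compilation, so an unterminated last line can be joined to the first line of whichever file follows and either fail to parse or change meaning. Ending the file with a newline after `type dataservice_app, domain;` removes that dependency on file ordering.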
@@ -1,25 +1,8 @@ -#TODO Move this to sepolicy/private/dataservice_app.te (b/62574674) -type dataservice_app, domain, coredomain; -app_domain(dataservice_app) -net_domain(dataservice_app) - get_prop(dataservice_app, cnd_prop) -add_service(dataservice_app, cne_service) -add_service(dataservice_app, uce_service) -allow dataservice_app { app_api_service system_api_service audioserver_service radio_service } :service_manager find; r_dir_file(dataservice_app, sysfs_msm_subsys) -#TODO Move this to sepolicy/private/dataservice_app.te (b/62574674) -allow dataservice_app hal_imsrcsd_hwservice:hwservice_manager find; -#TODO remove the following 2 if dataservice is moved out of system as part of b/38043081 -allow dataservice_app system_app_data_file:dir create_dir_perms; -allow dataservice_app system_app_data_file:{ file lnk_file } create_file_perms; - -#TODO Move this to sepolicy/private/dataservice_app.te (b/62574674) -allow dataservice_app hal_cne_hwservice:hwservice_manager find; binder_call(dataservice_app, cnd) -hwbinder_use(dataservice_app) # imsrcsd to bind with UceShimService.apk binder_call(dataservice_app, hal_rcsservice) diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te index 91901c7d..4a1ae5f8 100644 --- a/sepolicy/vendor/hwservice.te +++ b/sepolicy/vendor/hwservice.te @@ -1,6 +1,4 @@ type vnd_ims_radio_hwservice, hwservice_manager_type; type vnd_qcrilhook_hwservice, hwservice_manager_type; type hal_imsrtp_hwservice, hwservice_manager_type; -#TODO Move the following 2 types public SE policy (b/62574674) -type hal_cne_hwservice, hwservice_manager_type; -type hal_imsrcsd_hwservice, hwservice_manager_type; +type hal_ipacm_hwservice, hwservice_manager_type; diff --git a/sepolicy/vendor/radio.te b/sepolicy/vendor/radio.te index 36c9050c..2beb473c 100644 --- a/sepolicy/vendor/radio.te +++ b/sepolicy/vendor/radio.te 
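Review bot: The sepolicy/vendor/hwservice.te hunk adds `type hal_ipacm_hwservice, hwservice_manager_type;`, which is not part of the system/vendor split the commit message describes. No hwservice_contexts entry or allow rule for this type appears anywhere in the patch, so from what is visible it is declared but neither bound to an interface nor granted to any domain. I would drop this line here and land it with the change that adds the ipacm HAL policy, so that the type, its label and its rules can be reviewed together; if it must stay, the commit message should mention it.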
@@ -15,7 +15,6 @@ allow radio hal_imsrtp_hwservice:hwservice_manager find; add_service(radio, radio_service) allow radio { - uce_service mediaextractor_service mediacodec_service }:service_manager find; diff --git a/sepolicy/vendor/service.te b/sepolicy/vendor/service.te index 5e9b4c13..2b24fe4b 100644 --- a/sepolicy/vendor/service.te +++ b/sepolicy/vendor/service.te @@ -1,3 +1 @@ -type cne_service, service_manager_type; -type uce_service, service_manager_type; type imsuce_service, service_manager_type; diff --git a/sepolicy/vendor/service_contexts b/sepolicy/vendor/service_contexts index ac1da934..ad75ea18 100644 --- a/sepolicy/vendor/service_contexts +++ b/sepolicy/vendor/service_contexts @@ -1,5 +1,3 @@ rcs u:object_r:radio_service:s0 -cneservice u:object_r:cne_service:s0 com.fingerprints.extension.IFingerprintNavigation u:object_r:fingerprint_service:s0 -uce u:object_r:uce_service:s0 com.qualcomm.qti.uceservice u:object_r:imsuce_service:s0