From 9882d1d7a6e52cff80f0f35f472725433d9e9488 Mon Sep 17 00:00:00 2001
From: Jayachandran C
Date: Wed, 19 Jul 2017 12:57:42 -0700
Subject: [PATCH] AU293 drop rebase for IMS and radio related changes
1) Explicitly specify uid, gid and groups needed for cnd Add CAP_BLOCK_SUSPEND
2) Move sys.ims properties to vendor.ims
3) Remove imscmservice from init as its not used on Pixel
Bug: 63850865
Bug: 63804057
Change-Id: Ie8f0eefa96a21605a63ae5a73e59270866704ed7
---
 android_filesystem_config.h | 3 ++-
 init.hardware.rc | 15 +++++----------
 sepolicy/vendor/cnd.te | 4 ++--
 sepolicy/vendor/property_contexts | 1 +
 4 files changed, 10 insertions(+), 13 deletions(-)
diff --git a/android_filesystem_config.h b/android_filesystem_config.h
index 07293f35..775a7171 100644
--- a/android_filesystem_config.h
+++ b/android_filesystem_config.h
@@ -35,7 +35,8 @@ static const struct fs_path_config android_device_files[] = {
 { 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "vendor/bin/pm-service" },
 { 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "vendor/bin/cnss-daemon"},
 { 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "vendor/bin/imsdatadaemon" },
- { 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE), "vendor/bin/cnd" },
+ { 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_NET_BIND_SERVICE)
+ | (1ULL << CAP_BLOCK_SUSPEND), "vendor/bin/cnd" },
 { 00755, AID_SYSTEM, AID_RADIO, (1ULL << CAP_NET_BIND_SERVICE), "vendor/bin/ims_rtp_daemon" },
 { 00755, AID_SYSTEM, AID_SYSTEM, (1ULL << CAP_SYS_NICE) | (1ULL << CAP_BLOCK_SUSPEND), "vendor/bin/wcnss_filter" },
 #ifdef NO_ANDROID_FILESYSTEM_CONFIG_DEVICE_DIRS
diff --git a/init.hardware.rc b/init.hardware.rc
index 07ab0ad5..36c25996 100644
--- a/init.hardware.rc
+++ b/init.hardware.rc
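Review bot: The cnd entry in android_filesystem_config.h gains `CAP_BLOCK_SUSPEND` with no comment saying why, or that it has to stay in step with `group inet system wifi radio wakelock` in init.hardware.rc and `wakelock_use(cnd)` in sepolicy/vendor/cnd.te, both changed in this same commit. Because cnd is switched to `user system` here, these file capabilities look like its only remaining source of privilege, so a one-line comment above the entry would help the next audit, e.g. `/* cnd runs as system: caps must match cnd.te (net_bind_service, wakelock_use) */`. For layout, the wcnss_filter entry two lines further down keeps both capability bits on one line, and the new entry could do the same. The android_device_files[] initializer starts and ends outside this hunk.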
@@ -608,7 +608,7 @@ service imsdatadaemon /vendor/bin/imsdatadaemon
 group system wifi radio inet log
 disabled
-on property:sys.ims.QMI_DAEMON_STATUS=1
+on property:vendor.ims.QMI_DAEMON_STATUS=1
 start imsdatadaemon
 service ims_rtp_daemon /vendor/bin/ims_rtp_daemon
@@ -617,21 +617,14 @@ service ims_rtp_daemon /vendor/bin/ims_rtp_daemon
 group radio diag inet log
 disabled
-service imscmservice /vendor/bin/imscmservice
- class main
- user system
- group radio diag inet log
- disabled
-
 service imsrcsservice /vendor/bin/imsrcsd
 class hal
 user system
 group radio diag inet log
 disabled
-on property:sys.ims.DATA_DAEMON_STATUS=1
+on property:vendor.ims.DATA_DAEMON_STATUS=1
 start ims_rtp_daemon
- start imscmservice
 start imsrcsservice
 service qmuxd /vendor/bin/qmuxd
@@ -639,9 +632,11 @@ service qmuxd /vendor/bin/qmuxd
 user root
 group radio audio bluetooth gps nfc qcom_diag
+#TODO evaluate group system once b/62571088 is resolved
 service cnd /vendor/bin/cnd
 class main
- socket cnd stream 660 root inet
+ user system
+ group inet system wifi radio wakelock
 service netmgrd /vendor/bin/netmgrd
 class main
diff --git a/sepolicy/vendor/cnd.te b/sepolicy/vendor/cnd.te
index becd101e..ca562c9a 100644
--- a/sepolicy/vendor/cnd.te
+++ b/sepolicy/vendor/cnd.te
@@ -5,8 +5,8 @@ file_type_auto_trans(cnd, socket_device, cnd_socket);
 # cnd is started by init, type transit from init domain to cnd domain
 init_daemon_domain(cnd)
-#TODO remove chown fsetid setgid setuid once b/62571088 is resolved
-allow cnd self:capability { chown fsetid setgid setuid net_bind_service };
+allow cnd self:capability { net_bind_service };
+wakelock_use(cnd)
 allow cnd self:udp_socket create_socket_perms;
 allowxperm cnd self:udp_socket ioctl SIOCGIFMTU;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 9635f48a..b5d5728d 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
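Review bot: In the third init.hardware.rc hunk (`@@ -639,9 +632,11 @@`) the cnd stanza drops `socket cnd stream 660 root inet`, which the commit description does not mention, while the header context of the cnd.te hunk still shows `file_type_auto_trans(cnd, socket_device, cnd_socket);`. If a client still connects to that socket it would now have to be created by cnd itself running as `system`; if nothing does, the sepolicy rule is left over and can be removed in the same change. Which case applies is not visible here. The group list is also wide for a daemon that has just left root, and the TODO would be more useful if it asked for the reason behind each entry, e.g. `# TODO(b/62571088): drop group system; record why wifi and radio are required`. The cnd and netmgrd stanzas continue outside the hunk.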
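Review bot: In the sepolicy/vendor/cnd.te hunk, dropping `chown fsetid setgid setuid` from `allow cnd self:capability` is only safe if the cnd binary in this drop no longer changes its own ownership or ids at start-up; the deleted TODO implies it once did, and nothing in the hunk shows the binary side. A comment recording the new arrangement would make that assumption checkable, e.g. `# cnd is started as user system by init.hardware.rc; caps come from file capabilities`. With one permission left the braces are unnecessary: `allow cnd self:capability net_bind_service;`.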
@@ -3,6 +3,7 @@ htc.camera. u:object_r:camera_prop:s0
 persist.vendor.sys.cnd u:object_r:cnd_prop:s0
 persist.sys.cnd u:object_r:cnd_prop:s0
 sys.ims. u:object_r:ims_prop:s0
+vendor.ims. u:object_r:ims_prop:s0
 sys.keymaster.loaded u:object_r:keymaster_prop:s0
 net.r_rmnet_data0 u:object_r:net_rmnet_prop:s0
 persist.net.doxlat u:object_r:net_radio_prop:s0
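Review bot: `sys.ims.` keeps its `ims_prop` label next to the new `vendor.ims.` line, although the init.hardware.rc hunks in this commit switch both IMS triggers to `vendor.ims.*`. If every daemon that sets these properties has moved to the vendor prefix, the old entry only widens what holders of `ims_prop` set access can write and could be removed, or at least marked with a comment such as `# legacy prefix, remove once no writer uses sys.ims.*`. If some writer still uses `sys.ims.*`, the renamed `on property:` triggers would not fire for it. Which of the two holds cannot be told from this patch, and the rest of property_contexts lies outside the hunk.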