platform_system_sepolicy/public/hal_telephony.te

# HwBinder IPC from client to server, and callbacks
binder_call(hal_telephony_client, hal_telephony_server)
binder_call(hal_telephony_server, hal_telephony_client)

hal_attribute_hwservice(hal_telephony, hal_telephony_hwservice)
hal_attribute_service(hal_telephony, hal_radio_service)

allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;

allow hal_telephony_server self:netlink_route_socket nlmsg_write;
allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
allow hal_telephony_server cgroup:dir create_dir_perms;
allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
allow hal_telephony_server cgroup_v2:dir create_dir_perms;
allow hal_telephony_server cgroup_v2:{ file lnk_file } r_file_perms;
allow hal_telephony_server radio_device:chr_file rw_file_perms;
allow hal_telephony_server radio_device:blk_file r_file_perms;
allow hal_telephony_server efs_file:dir create_dir_perms;
allow hal_telephony_server efs_file:file create_file_perms;
allow hal_telephony_server vendor_shell_exec:file rx_file_perms;
allow hal_telephony_server bluetooth_efs_file:file r_file_perms;
allow hal_telephony_server bluetooth_efs_file:dir r_dir_perms;

# property service
get_prop(hal_telephony_server, telephony_config_prop)
set_prop(hal_telephony_server, radio_control_prop)
set_prop(hal_telephony_server, radio_prop)
set_prop(hal_telephony_server, telephony_status_prop)

allow hal_telephony_server tty_device:chr_file rw_file_perms;

# Allow hal_telephony_server to create and use netlink sockets.
allow hal_telephony_server self:netlink_socket create_socket_perms_no_ioctl;
allow hal_telephony_server self:netlink_generic_socket create_socket_perms_no_ioctl;
allow hal_telephony_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

# Access to wake locks
wakelock_use(hal_telephony_server)

r_dir_file(hal_telephony_server, proc_net_type)
r_dir_file(hal_telephony_server, sysfs_type)

# granting the ioctl permission for hal_telephony_server should be device specific
allow hal_telephony_server self:socket create_socket_perms_no_ioctl;

# Allow AIDL HAL shim to call HIDL HAL implementation
binder_call(hal_telephony_server, hal_telephony_server)
Restrict access to hwservicemanager This adds fine-grained policy about who can register and find which HwBinder services in hwservicemanager. Test: Play movie in Netflix and Google Play Movies Test: Play video in YouTube app and YouTube web page Test: In Google Camera app, take photo (HDR+ and conventional), record video (slow motion and normal), and check that photos look fine and videos play back with sound. Test: Cast screen to a Google Cast device Test: Get location fix in Google Maps Test: Make and receive a phone call, check that sound works both ways and that disconnecting the call frome either end works fine. Test: Run RsHelloCompute RenderScript demo app Test: Run fast subset of media CTS tests: make and install CtsMediaTestCases.apk adb shell am instrument -e size small \ -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner' Test: Play music using Google Play music Test: Adjust screen brightness via the slider in Quick Settings Test: adb bugreport Test: Enroll in fingerprint screen unlock, unlock screen using fingerprint Test: Apply OTA update: Make some visible change, e.g., rename Settings app. make otatools && \ make dist Ensure device has network connectivity ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip Confirm the change is now live on the device Bug: 34454312 (cherry picked from commit 632bc494f199d9d85c37c1751667fe41f4b094cb) Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3 Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31 2017-04-14 04:05:27 +02:00			`# HwBinder IPC from client to server, and callbacks`
			`binder_call(hal_telephony_client, hal_telephony_server)`
			`binder_call(hal_telephony_server, hal_telephony_client)`

hal_attribute_hwservice_client drop '_client' Since this attribute just associates a hal_attribute with a given hwservice in the standard way. Bug: 80319537 Test: boot + sanity + test for denials Change-Id: I545de165515387317e6920ce8f5e8c491f9ab24e 2018-06-06 18:30:18 +02:00			`hal_attribute_hwservice(hal_telephony, hal_telephony_hwservice)`
Combining hal_radio_*_service into hal_radio_service Test: build and flash Bug: 198331673 Change-Id: Id5d699ffc77f708e2144ffea6d2a6805822e7f50 2022-01-24 20:42:38 +01:00			`hal_attribute_service(hal_telephony, hal_radio_service)`
Restrict access to hwservicemanager This adds fine-grained policy about who can register and find which HwBinder services in hwservicemanager. Test: Play movie in Netflix and Google Play Movies Test: Play video in YouTube app and YouTube web page Test: In Google Camera app, take photo (HDR+ and conventional), record video (slow motion and normal), and check that photos look fine and videos play back with sound. Test: Cast screen to a Google Cast device Test: Get location fix in Google Maps Test: Make and receive a phone call, check that sound works both ways and that disconnecting the call frome either end works fine. Test: Run RsHelloCompute RenderScript demo app Test: Run fast subset of media CTS tests: make and install CtsMediaTestCases.apk adb shell am instrument -e size small \ -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner' Test: Play music using Google Play music Test: Adjust screen brightness via the slider in Quick Settings Test: adb bugreport Test: Enroll in fingerprint screen unlock, unlock screen using fingerprint Test: Apply OTA update: Make some visible change, e.g., rename Settings app. make otatools && \ make dist Ensure device has network connectivity ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip Confirm the change is now live on the device Bug: 34454312 (cherry picked from commit 632bc494f199d9d85c37c1751667fe41f4b094cb) Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3 Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31 2017-04-14 04:05:27 +02:00
Revert "Revert "Move rild from public to vendor."" This reverts commit 016f0a58a9cd429f1986033f922d4bb7f58f5f3a. Reason for revert: Was temporarily reverted, merging back in with fix. Test: Basic telephony sanity, treehugger Bug: 74486619 Bug: 36427227 Merged-in: Ide68726a90d5485c2758673079427407aee1e4f2 Change-Id: Ide68726a90d5485c2758673079427407aee1e4f2 (cherry picked from commit 312248ff726d11b88aeb6db5ba7ca2df09077adf) 2018-03-12 18:12:09 +01:00			`allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;`

			`allow hal_telephony_server self:netlink_route_socket nlmsg_write;`
			`allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };`
			`allow hal_telephony_server cgroup:dir create_dir_perms;`
			`allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;`
sepolicy: rules for uid/pid cgroups v2 hierarchy Bug: 168907513 Test: verified the correct working of the v2 uid/pid hierarchy in normal and recovery modes This reverts commit aa8bb3a29b92a342c42c802edac269da5984d1df. Change-Id: Ib344d500ea49b86e862e223ab58a16601eebef47 2021-02-12 00:18:11 +01:00			`allow hal_telephony_server cgroup_v2:dir create_dir_perms;`
			`allow hal_telephony_server cgroup_v2:{ file lnk_file } r_file_perms;`
Revert "Revert "Move rild from public to vendor."" This reverts commit 016f0a58a9cd429f1986033f922d4bb7f58f5f3a. Reason for revert: Was temporarily reverted, merging back in with fix. Test: Basic telephony sanity, treehugger Bug: 74486619 Bug: 36427227 Merged-in: Ide68726a90d5485c2758673079427407aee1e4f2 Change-Id: Ide68726a90d5485c2758673079427407aee1e4f2 (cherry picked from commit 312248ff726d11b88aeb6db5ba7ca2df09077adf) 2018-03-12 18:12:09 +01:00			`allow hal_telephony_server radio_device:chr_file rw_file_perms;`
			`allow hal_telephony_server radio_device:blk_file r_file_perms;`
			`allow hal_telephony_server efs_file:dir create_dir_perms;`
			`allow hal_telephony_server efs_file:file create_file_perms;`
			`allow hal_telephony_server vendor_shell_exec:file rx_file_perms;`
			`allow hal_telephony_server bluetooth_efs_file:file r_file_perms;`
			`allow hal_telephony_server bluetooth_efs_file:dir r_dir_perms;`

			`# property service`
Grant app and hal access to telephony_config_prop To resolve regression. Bug: 158254452 Test: m selinux_policy Change-Id: If0db9b9a4af6c34a007d0549aa7a5dd465e4ed63 2020-06-05 03:40:16 +02:00			`get_prop(hal_telephony_server, telephony_config_prop)`
Rename exported3_radio_prop to radio_control_prop The context name exported3_radio_prop is ambiguous and does not reflect the usage and role of the properties. This changes its name to radio_control_prop. Some downstream branches are still using exported3_radio_prop, so get_prop(domain, radio_control_prop) is added to avoid regression. It's just a workaround and to be removed soon, after all exported3_radio_prop are cleaned up. Exempt-From-Owner-Approval: cherry pick Bug: 162214733 Test: boot a device with a sim and see basic functions work Change-Id: If5fe3be7c64b36435c4ad0dc9a8089077295d502 Merged-In: If5fe3be7c64b36435c4ad0dc9a8089077295d502 2020-07-28 08:17:24 +02:00			`set_prop(hal_telephony_server, radio_control_prop)`
Revert "Revert "Move rild from public to vendor."" This reverts commit 016f0a58a9cd429f1986033f922d4bb7f58f5f3a. Reason for revert: Was temporarily reverted, merging back in with fix. Test: Basic telephony sanity, treehugger Bug: 74486619 Bug: 36427227 Merged-in: Ide68726a90d5485c2758673079427407aee1e4f2 Change-Id: Ide68726a90d5485c2758673079427407aee1e4f2 (cherry picked from commit 312248ff726d11b88aeb6db5ba7ca2df09077adf) 2018-03-12 18:12:09 +01:00			`set_prop(hal_telephony_server, radio_prop)`
Add contexts for exported telephony props To remove bad context names, two contexts are added. - telephony_config_prop - telephony_status_prop exported_radio_prop, exported2_radio_prop are removed. Cleaning up exported3_radio_prop will be a follow-up task. Exempt-From-Owner-Approval: cherry-pick Bug: 152471138 Bug: 155844385 Test: boot and see no denials Test: usim works on blueline Change-Id: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2 Merged-In: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2 (cherry picked from commit 4d36eae8affaffce00063d37fe7f1d570cca1f1f) 2020-05-14 14:47:43 +02:00			`set_prop(hal_telephony_server, telephony_status_prop)`
Revert "Revert "Move rild from public to vendor."" This reverts commit 016f0a58a9cd429f1986033f922d4bb7f58f5f3a. Reason for revert: Was temporarily reverted, merging back in with fix. Test: Basic telephony sanity, treehugger Bug: 74486619 Bug: 36427227 Merged-in: Ide68726a90d5485c2758673079427407aee1e4f2 Change-Id: Ide68726a90d5485c2758673079427407aee1e4f2 (cherry picked from commit 312248ff726d11b88aeb6db5ba7ca2df09077adf) 2018-03-12 18:12:09 +01:00
			`allow hal_telephony_server tty_device:chr_file rw_file_perms;`

			`# Allow hal_telephony_server to create and use netlink sockets.`
			`allow hal_telephony_server self:netlink_socket create_socket_perms_no_ioctl;`
			`allow hal_telephony_server self:netlink_generic_socket create_socket_perms_no_ioctl;`
			`allow hal_telephony_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;`

			`# Access to wake locks`
			`wakelock_use(hal_telephony_server)`

Start the process of locking down proc/net Files in /proc/net leak information. This change is the first step in determining which files apps may use, whitelisting benign access, and otherwise removing access while providing safe alternative APIs. To that end, this change: * Introduces the proc_net_type attribute which will assigned to any new SELinux types in /proc/net to avoid removing access to privileged processes. These processes may be evaluated later, but are lower priority than apps. * Labels /proc/net/{tcp,tcp6,udp,udp6} as proc_net_vpn due to existing use by VPN apps. This may be replaced by an alternative API. * Audits all other proc/net access for apps. * Audits proc/net access for other processes which are currently granted broad read access to /proc/net but should not be including storaged, zygote, clatd, logd, preopt2cachename and vold. Bug: 9496886 Bug: 68016944 Test: Boot Taimen-userdebug. On both wifi and cellular: stream youtube navigate maps, send text message, make voice call, make video call. Verify no avc "granted" messages in the logs. Test: A few VPN apps including "VPN Monster", "Turbo VPN", and "Freighter". Verify no logspam with the current setup. Test: atest CtsNativeNetTestCases Test: atest netd_integration_test Test: atest QtaguidPermissionTest Test: atest FileSystemPermissionTest Change-Id: I7e49f796a25cf68bc698c6c9206e24af3ae11457 Merged-In: I7e49f796a25cf68bc698c6c9206e24af3ae11457 (cherry picked from commit 087318957f26e921d62f2e234fc14bff3c59030e) 2018-04-10 21:47:48 +02:00			`r_dir_file(hal_telephony_server, proc_net_type)`
Revert "Revert "Move rild from public to vendor."" This reverts commit 016f0a58a9cd429f1986033f922d4bb7f58f5f3a. Reason for revert: Was temporarily reverted, merging back in with fix. Test: Basic telephony sanity, treehugger Bug: 74486619 Bug: 36427227 Merged-in: Ide68726a90d5485c2758673079427407aee1e4f2 Change-Id: Ide68726a90d5485c2758673079427407aee1e4f2 (cherry picked from commit 312248ff726d11b88aeb6db5ba7ca2df09077adf) 2018-03-12 18:12:09 +01:00			`r_dir_file(hal_telephony_server, sysfs_type)`

			`# granting the ioctl permission for hal_telephony_server should be device specific`
			`allow hal_telephony_server self:socket create_socket_perms_no_ioctl;`
Enable Telephony AIDL-HIDL shim HAL Bug: 203699028 Test: Boot with ag/16078505 applied Change-Id: Ib9afbe2217670ccfc163812c6b73d9d11d748d2d 2021-10-21 20:40:31 +02:00
			`# Allow AIDL HAL shim to call HIDL HAL implementation`
			`binder_call(hal_telephony_server, hal_telephony_server)`