Merge "Move rild from public to vendor." into pi-dev
am: 910f63f9ee
Change-Id: Ic568444d21e65679f613394660fd655d79f86826
This commit is contained in:
Amit Mahajan
android-build-merger
commit
8991acdbfe
9 changed files with 53 additions and 53 deletions
|
|
@ -12,6 +12,7 @@
|
||||||
(type tracing_shell_writable_debug)
|
(type tracing_shell_writable_debug)
|
||||||
(type vold_socket)
|
(type vold_socket)
|
||||||
(type webview_zygote_socket)
|
(type webview_zygote_socket)
|
||||||
|
(type rild)
|
||||||
|
|
||||||
(typeattributeset accessibility_service_26_0 (accessibility_service))
|
(typeattributeset accessibility_service_26_0 (accessibility_service))
|
||||||
(typeattributeset account_service_26_0 (account_service))
|
(typeattributeset account_service_26_0 (account_service))
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
(type webview_zygote_socket)
|
(type webview_zygote_socket)
|
||||||
(type reboot_data_file)
|
(type reboot_data_file)
|
||||||
(type vold_socket)
|
(type vold_socket)
|
||||||
|
(type rild)
|
||||||
|
|
||||||
(expandtypeattribute (accessibility_service_27_0) true)
|
(expandtypeattribute (accessibility_service_27_0) true)
|
||||||
(expandtypeattribute (account_service_27_0) true)
|
(expandtypeattribute (account_service_27_0) true)
|
||||||
|
|
|
||||||
|
|
@ -961,7 +961,6 @@ full_treble_only(`
|
||||||
domain
|
domain
|
||||||
-coredomain
|
-coredomain
|
||||||
-appdomain
|
-appdomain
|
||||||
-rild
|
|
||||||
-vendor_executes_system_violators
|
-vendor_executes_system_violators
|
||||||
-vendor_init
|
-vendor_init
|
||||||
} {
|
} {
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,7 @@ neverallow {
|
||||||
-hal_wifi_server
|
-hal_wifi_server
|
||||||
-hal_wifi_hostapd_server
|
-hal_wifi_hostapd_server
|
||||||
-hal_wifi_supplicant_server
|
-hal_wifi_supplicant_server
|
||||||
-rild
|
-hal_telephony_server
|
||||||
} self:global_capability_class_set { net_admin net_raw };
|
} self:global_capability_class_set { net_admin net_raw };
|
||||||
|
|
||||||
# Unless a HAL's job is to communicate over the network, or control network
|
# Unless a HAL's job is to communicate over the network, or control network
|
||||||
|
|
@ -17,7 +17,7 @@ neverallow {
|
||||||
-hal_wifi_server
|
-hal_wifi_server
|
||||||
-hal_wifi_hostapd_server
|
-hal_wifi_hostapd_server
|
||||||
-hal_wifi_supplicant_server
|
-hal_wifi_supplicant_server
|
||||||
-rild
|
-hal_telephony_server
|
||||||
} domain:{ tcp_socket udp_socket rawip_socket } *;
|
} domain:{ tcp_socket udp_socket rawip_socket } *;
|
||||||
|
|
||||||
###
|
###
|
||||||
|
|
@ -44,7 +44,7 @@ neverallow {
|
||||||
neverallow {
|
neverallow {
|
||||||
halserverdomain
|
halserverdomain
|
||||||
-hal_dumpstate_server
|
-hal_dumpstate_server
|
||||||
-rild
|
-hal_telephony_server
|
||||||
} { file_type fs_type }:file execute_no_trans;
|
} { file_type fs_type }:file execute_no_trans;
|
||||||
# Do not allow a process other than init to transition into a HAL domain.
|
# Do not allow a process other than init to transition into a HAL domain.
|
||||||
neverallow { domain -init } halserverdomain:process transition;
|
neverallow { domain -init } halserverdomain:process transition;
|
||||||
|
|
|
||||||
|
|
@ -5,3 +5,42 @@ binder_call(hal_telephony_server, hal_telephony_client)
|
||||||
add_hwservice(hal_telephony_server, hal_telephony_hwservice)
|
add_hwservice(hal_telephony_server, hal_telephony_hwservice)
|
||||||
allow hal_telephony_client hal_telephony_hwservice:hwservice_manager find;
|
allow hal_telephony_client hal_telephony_hwservice:hwservice_manager find;
|
||||||
|
|
||||||
|
allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
|
||||||
|
|
||||||
|
allow hal_telephony_server self:netlink_route_socket nlmsg_write;
|
||||||
|
allow hal_telephony_server kernel:system module_request;
|
||||||
|
allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
|
||||||
|
allow hal_telephony_server alarm_device:chr_file rw_file_perms;
|
||||||
|
allow hal_telephony_server cgroup:dir create_dir_perms;
|
||||||
|
allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
|
||||||
|
allow hal_telephony_server radio_device:chr_file rw_file_perms;
|
||||||
|
allow hal_telephony_server radio_device:blk_file r_file_perms;
|
||||||
|
allow hal_telephony_server mtd_device:dir search;
|
||||||
|
allow hal_telephony_server efs_file:dir create_dir_perms;
|
||||||
|
allow hal_telephony_server efs_file:file create_file_perms;
|
||||||
|
allow hal_telephony_server vendor_shell_exec:file rx_file_perms;
|
||||||
|
allow hal_telephony_server bluetooth_efs_file:file r_file_perms;
|
||||||
|
allow hal_telephony_server bluetooth_efs_file:dir r_dir_perms;
|
||||||
|
allow hal_telephony_server sdcard_type:dir r_dir_perms;
|
||||||
|
|
||||||
|
# property service
|
||||||
|
set_prop(hal_telephony_server, radio_prop)
|
||||||
|
set_prop(hal_telephony_server, exported_radio_prop)
|
||||||
|
set_prop(hal_telephony_server, exported2_radio_prop)
|
||||||
|
|
||||||
|
allow hal_telephony_server tty_device:chr_file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow hal_telephony_server to create and use netlink sockets.
|
||||||
|
allow hal_telephony_server self:netlink_socket create_socket_perms_no_ioctl;
|
||||||
|
allow hal_telephony_server self:netlink_generic_socket create_socket_perms_no_ioctl;
|
||||||
|
allow hal_telephony_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
||||||
|
|
||||||
|
# Access to wake locks
|
||||||
|
wakelock_use(hal_telephony_server)
|
||||||
|
|
||||||
|
r_dir_file(hal_telephony_server, proc_net)
|
||||||
|
r_dir_file(hal_telephony_server, sysfs_type)
|
||||||
|
r_dir_file(hal_telephony_server, system_file)
|
||||||
|
|
||||||
|
# granting the ioctl permission for hal_telephony_server should be device specific
|
||||||
|
allow hal_telephony_server self:socket create_socket_perms_no_ioctl;
|
||||||
|
|
|
||||||
|
|
@ -158,7 +158,7 @@ compatible_property_only(`
|
||||||
domain
|
domain
|
||||||
-coredomain
|
-coredomain
|
||||||
-appdomain
|
-appdomain
|
||||||
-rild
|
-hal_telephony_server
|
||||||
-vendor_init
|
-vendor_init
|
||||||
} {
|
} {
|
||||||
exported_radio_prop
|
exported_radio_prop
|
||||||
|
|
@ -203,7 +203,7 @@ compatible_property_only(`
|
||||||
domain
|
domain
|
||||||
-coredomain
|
-coredomain
|
||||||
-appdomain
|
-appdomain
|
||||||
-rild
|
-hal_telephony_server
|
||||||
-vendor_init
|
-vendor_init
|
||||||
} {
|
} {
|
||||||
radio_prop
|
radio_prop
|
||||||
|
|
|
||||||
|
|
@ -5,8 +5,8 @@ net_domain(radio)
|
||||||
bluetooth_domain(radio)
|
bluetooth_domain(radio)
|
||||||
binder_service(radio)
|
binder_service(radio)
|
||||||
|
|
||||||
# Talks to rild via the rild socket only for devices without full treble
|
# Talks to hal_telephony_server via the rild socket only for devices without full treble
|
||||||
not_full_treble(`unix_socket_connect(radio, rild, rild)')
|
not_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)')
|
||||||
|
|
||||||
# Data file accesses.
|
# Data file accesses.
|
||||||
allow radio radio_data_file:dir create_dir_perms;
|
allow radio radio_data_file:dir create_dir_perms;
|
||||||
|
|
|
||||||
|
|
@ -1,45 +0,0 @@
|
||||||
# rild - radio interface layer daemon
|
|
||||||
type rild, domain;
|
|
||||||
hal_server_domain(rild, hal_telephony)
|
|
||||||
|
|
||||||
net_domain(rild)
|
|
||||||
allowxperm rild self:udp_socket ioctl priv_sock_ioctls;
|
|
||||||
|
|
||||||
allow rild self:netlink_route_socket nlmsg_write;
|
|
||||||
allow rild kernel:system module_request;
|
|
||||||
allow rild self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
|
|
||||||
allow rild alarm_device:chr_file rw_file_perms;
|
|
||||||
allow rild cgroup:dir create_dir_perms;
|
|
||||||
allow rild cgroup:{ file lnk_file } r_file_perms;
|
|
||||||
allow rild radio_device:chr_file rw_file_perms;
|
|
||||||
allow rild radio_device:blk_file r_file_perms;
|
|
||||||
allow rild mtd_device:dir search;
|
|
||||||
allow rild efs_file:dir create_dir_perms;
|
|
||||||
allow rild efs_file:file create_file_perms;
|
|
||||||
allow rild shell_exec:file rx_file_perms;
|
|
||||||
allow rild bluetooth_efs_file:file r_file_perms;
|
|
||||||
allow rild bluetooth_efs_file:dir r_dir_perms;
|
|
||||||
allow rild sdcard_type:dir r_dir_perms;
|
|
||||||
|
|
||||||
# property service
|
|
||||||
set_prop(rild, radio_prop)
|
|
||||||
set_prop(rild, exported_radio_prop)
|
|
||||||
set_prop(rild, exported2_radio_prop)
|
|
||||||
|
|
||||||
allow rild tty_device:chr_file rw_file_perms;
|
|
||||||
|
|
||||||
# Allow rild to create and use netlink sockets.
|
|
||||||
allow rild self:netlink_socket create_socket_perms_no_ioctl;
|
|
||||||
allow rild self:netlink_generic_socket create_socket_perms_no_ioctl;
|
|
||||||
allow rild self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
|
||||||
|
|
||||||
# Access to wake locks
|
|
||||||
wakelock_use(rild)
|
|
||||||
|
|
||||||
r_dir_file(rild, proc_net)
|
|
||||||
r_dir_file(rild, sysfs_type)
|
|
||||||
r_dir_file(rild, system_file)
|
|
||||||
|
|
||||||
# granting the ioctl permission for rild should be device specific
|
|
||||||
allow rild self:socket create_socket_perms_no_ioctl;
|
|
||||||
|
|
||||||
5
vendor/rild.te
vendored
5
vendor/rild.te
vendored
|
|
@ -1,3 +1,8 @@
|
||||||
|
# rild - radio interface layer daemon
|
||||||
|
type rild, domain;
|
||||||
|
hal_server_domain(rild, hal_telephony)
|
||||||
|
net_domain(rild)
|
||||||
|
|
||||||
# type_transition must be private policy the domain_trans rules could stay
|
# type_transition must be private policy the domain_trans rules could stay
|
||||||
# public, but conceptually should go with this
|
# public, but conceptually should go with this
|
||||||
type rild_exec, exec_type, vendor_file_type, file_type;
|
type rild_exec, exec_type, vendor_file_type, file_type;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue