tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_sepolicy/public/radio.te
Chiachang Wang 813c25fc91 Add new selinux type for radio process 
ConnectivityService is going to become mainline and can not
access hidden APIs. Telephony and Settings were both accessing
the hidden API ConnectivityManager#getMobileProvisioningUrl.
Moving #getMobileProvisioningUrl method into telephony means
that there is one less access to a hidden API within the overall
framework since the Connectivity stack never needed this value.
Thus, move getMobileProvisioningUrl parsing to telephony surface
and provide the corresponding sepolicy permission for its access.

The exsting radio_data_file is an app data type and may allow
more permission than necessary. Thus create a new type and give
the necessary read access only.

Bug: 175177794
Test: verify that the radio process could read
      /data/misc/radio/provisioning_urls.xml successfully
Change-Id: I191261a57667dc7936c22786d75da971f94710ef
2020-12-24 15:11:15 +08:00

36 lines
1.3 KiB
Text
Raw Blame History

# phone subsystem
type radio, domain, mlstrustedsubject;
net_domain(radio)
bluetooth_domain(radio)
binder_service(radio)
# Talks to hal_telephony_server via the rild socket only for devices without full treble
not_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)')
# Data file accesses.
allow radio radio_data_file:dir create_dir_perms;
allow radio radio_data_file:notdevfile_class_set create_file_perms;
allow radio radio_core_data_file:dir r_dir_perms;
allow radio radio_core_data_file:file r_file_perms;
allow radio net_data_file:dir search;
allow radio net_data_file:file r_file_perms;
add_service(radio, radio_service)
allow radio audioserver_service:service_manager find;
allow radio cameraserver_service:service_manager find;
allow radio drmserver_service:service_manager find;
allow radio mediaserver_service:service_manager find;
allow radio nfc_service:service_manager find;
allow radio app_api_service:service_manager find;
allow radio system_api_service:service_manager find;
allow radio timedetector_service:service_manager find;
allow radio timezonedetector_service:service_manager find;
# Perform HwBinder IPC.
hwbinder_use(radio)
hal_client_domain(radio, hal_telephony)
# Used by TelephonyManager
allow radio proc_cmdline:file r_file_perms;
Reference in a new issue View git blame Copy permalink