SELinux: Grant radio related app corresponding SELinux capability to logging baseband log
The following permissions are granted for process with radio UID in non-user build:
1. connect to local socket rild-debug
2. read/write /dev/ttyACM1
Change-Id: If7cc7781d9c5465dd06694d09ac4c3bfd0403679
diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 27924d0..6f441d9 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -102,4 +102,5 @@
system_app.te \
system_server.te \
ueventd.te \
- vold.te
+ vold.te \
+ radio.te
diff --git a/sepolicy/device.te b/sepolicy/device.te
index 0ec95ae..9e9c177 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -2,3 +2,4 @@
type nvhost_device, dev_type;
type elan_ip_device, dev_type;
type diag_device, dev_type;
+type baseband_log_device, dev_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index f3bd1eb..fe30a49 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -12,6 +12,7 @@
/dev/ttyHS1 u:object_r:gps_device:s0
/dev/ttyHS2 u:object_r:hci_attach_dev:s0
/dev/ttyACM0 u:object_r:radio_device:s0
+/dev/ttyACM1 u:object_r:baseband_log_device:s0
/data/amit(/.*)? u:object_r:sensors_data_file:s0
/data/calibration(/.*)? u:object_r:sensors_data_file:s0
diff --git a/sepolicy/radio.te b/sepolicy/radio.te
new file mode 100644
index 0000000..14edd20
--- /dev/null
+++ b/sepolicy/radio.te
@@ -0,0 +1,4 @@
+userdebug_or_eng(`
+ unix_socket_connect(radio, rild_debug, rild)
+ allow radio baseband_log_device:chr_file rw_file_perms;
+')
