modem_svc: Grant to access vendor_build_type_prop and vendor_modem_prop 1. Label ro.vendor.build.type to vendor_build_type_prop and grant vendor_init and modem_svc to access 2. Modem could set persist.modem. properties Bug: 130531503 Change-Id: I4c603a4e2079c259099a062dbd433fcf5a08dc88 Merged-In: I4c603a4e2079c259099a062dbd433fcf5a08dc88

commit: 92d20adc2a8ca1d76c0abab88844a587aed4e733 [log] [tgz]
author: SalmaxChang <salmaxchang@google.com> Tue Apr 16 17:28:55 2019 +0800
committer: SalmaxChang <salmaxchang@google.com> Thu Aug 29 17:54:47 2019 +0800
tree: 6a3b632508d831d757651a2a13e26ebd553bb83c
parent: 588cbeafc74056503c487880da3d497fd225494b [diff]
diff --git a/vendor/google/modem_svc.te b/vendor/google/modem_svc.te
new file mode 100644
index 0000000..f039ba1
--- /dev/null
+++ b/vendor/google/modem_svc.te

@@ -0,0 +1,23 @@
+type modem_svc, domain;
+type modem_svc_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(modem_svc)
+
+allow modem_svc self:capability net_bind_service;
+allow modem_svc self:socket create_socket_perms;
+allowxperm modem_svc self:socket ioctl msm_sock_ipc_ioctls;
+
+# For property service
+set_prop(modem_svc, vendor_modem_diag_prop)
+set_prop(modem_svc, vendor_modem_prop)
+get_prop(modem_svc, vendor_build_type_prop)
+get_prop(modem_svc, exported2_default_prop)
+get_prop(modem_svc, exported3_radio_prop)
+
+# For bugreport collection
+allow modem_svc hal_dumpstate_impl:fd use;
+allow modem_svc dumpstate:fd use;
+allow modem_svc shell_data_file:file write;
+
+dontaudit modem_svc kernel:system module_request;
+dontaudit modem_svc sysfs_msm_subsys:dir search;

diff --git a/vendor/google/property.te b/vendor/google/property.te
index 4c15940..9c44528 100644
--- a/vendor/google/property.te
+++ b/vendor/google/property.te

@@ -4,3 +4,6 @@
 
 # fingerprint
 type vendor_fingerprint_prop, property_type;
+
+type vendor_build_type_prop, property_type;
+type vendor_modem_prop, property_type;

diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts
index 42b9c73..8571d62 100644
--- a/vendor/google/property_contexts
+++ b/vendor/google/property_contexts

@@ -14,3 +14,6 @@
 # fingerprint
 vendor.fps.init.succeed               u:object_r:vendor_fingerprint_prop:s0
 vendor.fps.init_retry.count           u:object_r:vendor_fingerprint_prop:s0
+
+ro.vendor.build.type                  u:object_r:vendor_build_type_prop:s0
+persist.modem.                        u:object_r:vendor_modem_prop:s0

diff --git a/vendor/google/vendor_init.te b/vendor/google/vendor_init.te
index 953174f..78d5d27 100644
--- a/vendor/google/vendor_init.te
+++ b/vendor/google/vendor_init.te

@@ -1,6 +1,7 @@
 # To allow setting audio.camerasound.force based on
 # ro.boot.hardware.radio.subtype at boot
 get_prop(vendor_init, vendor_radio_sku_prop)
+set_prop(vendor_init, vendor_build_type_prop)
 
 # To allow set pixel mm_event tracing
 allow vendor_init debugfs_tracing_instances:dir create_dir_perms;
commit	92d20adc2a8ca1d76c0abab88844a587aed4e733	[log] [tgz]
author	SalmaxChang <salmaxchang@google.com>	Tue Apr 16 17:28:55 2019 +0800
committer	SalmaxChang <salmaxchang@google.com>	Thu Aug 29 17:54:47 2019 +0800
tree	6a3b632508d831d757651a2a13e26ebd553bb83c
parent	588cbeafc74056503c487880da3d497fd225494b [diff]