Add sepolicy for libvsoc-rild Bug: 128944386 Change-Id: Ie0585cc02090bd495aa3896c82ceebc0531f8d95 (cherry picked from commit 22a6f36cd487183a6f030bf19f40c4b43247bacd)

commit: f71ef63290972efee580aed15bc88cdb24b12beb [log] [tgz]
author: Alistair Strachan <astrachan@google.com> Tue Mar 19 19:32:41 2019 -0700
committer: Greg Hartman <ghartman@google.com> Fri Mar 22 13:00:45 2019 -0700
tree: 655b55e30e1b295c3ae46a93af147f5986a047b8
parent: 0d931af17e7c28199aeda19a368664a639619dc4 [diff]
diff --git a/shared/sepolicy/device.te b/shared/sepolicy/device.te
index 7c7330c..38f0a2f 100644
--- a/shared/sepolicy/device.te
+++ b/shared/sepolicy/device.te

@@ -1,6 +1,7 @@
 # Device types
 type input_events_device, dev_type;
-type socket_forward_device, dev_type;
+type libcuttlefish_rild_device, dev_type;
 type region_e2e_test_device, dev_type;
 type region_screen_device, dev_type;
+type socket_forward_device, dev_type;
 type virtual_serial_device, dev_type;

diff --git a/shared/sepolicy/file_contexts b/shared/sepolicy/file_contexts
index b9a238e..fe53fd2 100644
--- a/shared/sepolicy/file_contexts
+++ b/shared/sepolicy/file_contexts

@@ -12,6 +12,7 @@
 /dev/e2e_primary  u:object_r:region_e2e_test_device:s0
 /dev/e2e_secondary  u:object_r:region_e2e_test_device:s0
 /dev/input_events  u:object_r:input_events_device:s0
+/dev/ril  u:object_r:libcuttlefish_rild_device:s0
 /dev/screen  u:object_r:region_screen_device:s0
 /dev/socket_forward  u:object_r:socket_forward_device:s0
 /dev/vport[0-9]p[0-9]*  u:object_r:virtual_serial_device:s0
@@ -36,7 +37,7 @@
 /vendor/bin/vsoc_guest_region_e2e_test  u:object_r:vsoc_guest_region_e2e_test_exec:s0
 /vendor/bin/vport_trigger  u:object_r:vport_trigger_exec:s0
 /vendor/bin/rename_netiface  u:object_r:rename_netiface_exec:s0
-/vendor/bin/hw/libcuttlefish-rild  u:object_r:rild_exec:s0
+/vendor/bin/hw/libcuttlefish-rild  u:object_r:libcuttlefish_rild_exec:s0
 /vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.mock  u:object_r:hal_power_stats_default_exec:s0
 /vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service\.sim  u:object_r:hal_bluetooth_sim_exec:s0
 /vendor/bin/hw/android\.hardware\.dumpstate@1\.0-service\.cuttlefish  u:object_r:hal_dumpstate_impl_exec:s0

diff --git a/shared/sepolicy/libcuttlefish_rild.te b/shared/sepolicy/libcuttlefish_rild.te
new file mode 100644
index 0000000..0ec8a6f
--- /dev/null
+++ b/shared/sepolicy/libcuttlefish_rild.te

@@ -0,0 +1,11 @@
+type libcuttlefish_rild, domain;
+type libcuttlefish_rild_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(libcuttlefish_rild)
+
+hal_server_domain(libcuttlefish_rild, hal_telephony)
+
+allow libcuttlefish_rild libcuttlefish_rild_device:chr_file rw_file_perms;
+
+# Failing to create these sockets appears to be non-fatal
+net_domain(libcuttlefish_rild)

diff --git a/shared/sepolicy/vendor_init.te b/shared/sepolicy/vendor_init.te
index 4e4892f..4dbeb6e 100644
--- a/shared/sepolicy/vendor_init.te
+++ b/shared/sepolicy/vendor_init.te

@@ -1,5 +1,6 @@
 allow vendor_init {
   audio_device
   input_events_device
+  libcuttlefish_rild_device
   region_screen_device
 }:chr_file { getattr };
commit	f71ef63290972efee580aed15bc88cdb24b12beb	[log] [tgz]
author	Alistair Strachan <astrachan@google.com>	Tue Mar 19 19:32:41 2019 -0700
committer	Greg Hartman <ghartman@google.com>	Fri Mar 22 13:00:45 2019 -0700
tree	655b55e30e1b295c3ae46a93af147f5986a047b8
parent	0d931af17e7c28199aeda19a368664a639619dc4 [diff]