whitechapel_pro/modem_svc_sit.te - device/google/gs201-sepolicy - Git at Google

 # Selinux rule for modem_svc_sit daemon
 type modem_svc_sit, domain;
 type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(modem_svc_sit)

 hwbinder_use(modem_svc_sit)
 binder_call(modem_svc_sit, rild)

 # Grant sysfs modem access
 allow modem_svc_sit sysfs_modem:file rw_file_perms;

 # Grant radio device access
 allow modem_svc_sit radio_device:chr_file rw_file_perms;

 # Grant vendor radio and modem file/dir creation permission
 allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms;
 allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
 allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
 allow modem_svc_sit modem_stat_data_file:file create_file_perms;

 allow modem_svc_sit vendor_fw_file:dir search;
 allow modem_svc_sit vendor_fw_file:file r_file_perms;

 allow modem_svc_sit mnt_vendor_file:dir r_dir_perms;
 allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
 allow modem_svc_sit modem_userdata_file:file create_file_perms;

 # RIL property
 get_prop(modem_svc_sit, vendor_rild_prop)

 # Modem property
 set_prop(modem_svc_sit, vendor_modem_prop)

 # hwservice permission
 allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find;
 get_prop(modem_svc_sit, hwservicemanager_prop)

 # logging property
 get_prop(modem_svc_sit, vendor_logger_prop)

 # Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal.
 hal_server_domain(modem_svc_sit, hal_shared_modem_platform)

 userdebug_or_eng(`
   allow modem_svc_sit radio_test_device:chr_file rw_file_perms;
 ')

 # Write trace data to the Perfetto traced daemon. This requires connecting to
 # its producer socket and obtaining a (per-process) tmpfs fd.
 perfetto_producer(modem_svc_sit)

 # Allow modem_svc_sit to access modem image file/dir
 allow modem_svc_sit modem_img_file:dir r_dir_perms;
 allow modem_svc_sit modem_img_file:file r_file_perms;
 allow modem_svc_sit modem_img_file:lnk_file r_file_perms;

 # Allow modem_svc_sit to access socket for UMI
 userdebug_or_eng(`
   allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink };
 ')
	# Selinux rule for modem_svc_sit daemon
	type modem_svc_sit, domain;
	type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
	init_daemon_domain(modem_svc_sit)

	hwbinder_use(modem_svc_sit)
	binder_call(modem_svc_sit, rild)

	# Grant sysfs modem access
	allow modem_svc_sit sysfs_modem:file rw_file_perms;

	# Grant radio device access
	allow modem_svc_sit radio_device:chr_file rw_file_perms;

	# Grant vendor radio and modem file/dir creation permission
	allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms;
	allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
	allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
	allow modem_svc_sit modem_stat_data_file:file create_file_perms;

	allow modem_svc_sit vendor_fw_file:dir search;
	allow modem_svc_sit vendor_fw_file:file r_file_perms;

	allow modem_svc_sit mnt_vendor_file:dir r_dir_perms;
	allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
	allow modem_svc_sit modem_userdata_file:file create_file_perms;

	# RIL property
	get_prop(modem_svc_sit, vendor_rild_prop)

	# Modem property
	set_prop(modem_svc_sit, vendor_modem_prop)

	# hwservice permission
	allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find;
	get_prop(modem_svc_sit, hwservicemanager_prop)

	# logging property
	get_prop(modem_svc_sit, vendor_logger_prop)

	# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal.
	hal_server_domain(modem_svc_sit, hal_shared_modem_platform)

	userdebug_or_eng(`
	allow modem_svc_sit radio_test_device:chr_file rw_file_perms;
	')

	# Write trace data to the Perfetto traced daemon. This requires connecting to
	# its producer socket and obtaining a (per-process) tmpfs fd.
	perfetto_producer(modem_svc_sit)

	# Allow modem_svc_sit to access modem image file/dir
	allow modem_svc_sit modem_img_file:dir r_dir_perms;
	allow modem_svc_sit modem_img_file:file r_file_perms;
	allow modem_svc_sit modem_img_file:lnk_file r_file_perms;

	# Allow modem_svc_sit to access socket for UMI
	userdebug_or_eng(`
	allow modem_svc_sit radio_vendor_data_file:sock_file { create unlink };
	')