| # Grant access to Qualcomm MSM Interface (QMI) radio sockets |
| qmux_socket(radio) |
| |
| allow radio uce_service:service_manager { add find }; |
| |
| # read access to sys/bus/esoc/devices/ directory. |
| allow radio sysfs:dir r_dir_perms; |
| |
| r_dir_file(radio, sysfs_msm_subsys) |
| |
| # Access to /vendor/framework/qti-vzw-ims-internal.jar for all |
| # IMS packages running with com.android.phone sharedUID |
| allow radio vendor_framework_file:dir { getattr search }; |
| allow radio vendor_framework_file:file { getattr open read }; |
| |
| # TODO(b/37164021): Remove this once radio no longer communicates with ims over sockets |
| typeattribute radio socket_between_core_and_vendor_violators; |
| typeattribute ims socket_between_core_and_vendor_violators; |
| # communicate with ims |
| unix_socket_connect(radio, ims, ims) |
| |
| # Allow radio to talk to rild over socket |
| unix_socket_connect(radio, rild, rild) |
| |
| # access to /dev/diag on debug builds |
| userdebug_or_eng(` |
| allow radio diag_device:chr_file rw_file_perms; |
| ') |
| dontaudit radio diag_device:chr_file rw_file_perms; |
| |
| # access to /dev/avtimer |
| allow radio avtimer_device:chr_file rw_file_perms; |
| |
| allowxperm radio self:udp_socket ioctl priv_sock_ioctls; |
| |
| # Needed for use .so files in /vendor/lib64 needed by ims which runs as com.android.phone (radio) |
| # r_dir_file(radio, vendor_file) |
| typeattribute radio system_executes_vendor_violators; |
| allow radio vendor_file:file rx_file_perms; |
| |
| # read access to sys/module/diagchar/parameters/timestamp_switch |
| allow radio sysfs_timestamp_switch:file r_file_perms; |
| |
| add_service(radio, qchook_service) |
