Move connectivitymonitor sepolicies to policy file
Move connectivity monitor sepolicies to specific policy file
and allow connectivity monitor to use radio_service.
This change is a result of moving ConnectivityMonitor
to the vendor partition, which results in the app no longer
having access to radio_service.
A specific policy file is needed so that radio_service is not
opened up to all radio users and only ConnectivityMonitor
is allowed to use it.
This change is based on
change id: "I8ad45d5e9cedde8f498627f97b35db27dfd2ea28"
Bug: 73381264
Test: Test on marlin device.
Change-Id: I0513135eef900f57332fac92f33a52c9dd2351c3
diff --git a/sepolicy/con_monitor.te b/sepolicy/con_monitor.te
new file mode 100644
index 0000000..f38500b
--- /dev/null
+++ b/sepolicy/con_monitor.te
@@ -0,0 +1,8 @@
+# ConnectivityMonitor app
+type con_monitor_app, domain;
+
+app_domain(con_monitor_app)
+
+set_prop(con_monitor_app, tel_mon_prop)
+allow con_monitor_app app_api_service:service_manager find;
+allow con_monitor_app radio_service:service_manager find;
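Review bot: The `app_api_service` rule grants `find` on every service carrying that attribute, while the commit message only motivates access to `radio_service`. If ConnectivityMonitor needs only a few app-facing services, naming them would keep the new domain closer to least privilege. None of the three grants is commented, so I would add above the last rule something like `# App moved to the vendor partition and lost radio_service via the shared radio domain; grant it here only.` and a short comment on the `set_prop` line naming the `persist.radio.*` flags it covers.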
diff --git a/sepolicy/property.te b/sepolicy/property.te
index 91bb598..028c18f 100644
--- a/sepolicy/property.te
+++ b/sepolicy/property.te
@@ -10,3 +10,4 @@
type sys_time_prop, property_type;
type post_boot_prop, property_type;
type bluetooth_log_prop, property_type;
+type tel_mon_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
index 63d49ef..0517799 100644
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
@@ -1,17 +1,20 @@
-persist.camera. u:object_r:camera_prop:s0
-htc.camera. u:object_r:camera_prop:s0
-sensors. u:object_r:sensors_prop:s0
-wc_transport. u:object_r:wc_prop:s0
-net.r_rmnet u:object_r:net_radio_prop:s0
-radio. u:object_r:radio_prop:s0
-rcs.publish.status u:object_r:radio_prop:s0
-ro.boot.hardware.sku u:object_r:hw_sku_prop:s0
-ro.boot.mid u:object_r:mid_prop:s0
-debug.ssrdump u:object_r:ssr_prop:s0
-persist.sys.cnss. u:object_r:cnss_diag_prop:s0
-persist.sys.crash_rcu u:object_r:ramdump_prop:s0
-sys.qcom.thermalcfg u:object_r:thermal_prop:s0
-ctl.vendor.thermal-engine u:object_r:thermal_prop:s0
-sys.time.set u:object_r:sys_time_prop:s0
-sys.post_boot.parsed u:object_r:post_boot_prop:s0
-sys.logger.bluetooth u:object_r:bluetooth_log_prop:s0
+persist.camera. u:object_r:camera_prop:s0
+htc.camera. u:object_r:camera_prop:s0
+sensors. u:object_r:sensors_prop:s0
+wc_transport. u:object_r:wc_prop:s0
+net.r_rmnet u:object_r:net_radio_prop:s0
+radio. u:object_r:radio_prop:s0
+rcs.publish.status u:object_r:radio_prop:s0
+ro.boot.hardware.sku u:object_r:hw_sku_prop:s0
+ro.boot.mid u:object_r:mid_prop:s0
+debug.ssrdump u:object_r:ssr_prop:s0
+persist.sys.cnss. u:object_r:cnss_diag_prop:s0
+persist.sys.crash_rcu u:object_r:ramdump_prop:s0
+sys.qcom.thermalcfg u:object_r:thermal_prop:s0
+ctl.vendor.thermal-engine u:object_r:thermal_prop:s0
+sys.time.set u:object_r:sys_time_prop:s0
+sys.post_boot.parsed u:object_r:post_boot_prop:s0
+sys.logger.bluetooth u:object_r:bluetooth_log_prop:s0
+persist.radio.enable_tel_mon u:object_r:tel_mon_prop:s0
+persist.radio.poweranomaly.start u:object_r:tel_mon_prop:s0
+persist.radio.lowpowermonitor.start u:object_r:tel_mon_prop:s0
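Review bot: The three new `persist.radio.*` entries change the label of properties that a broader `persist.radio` or `radio` rule elsewhere may already cover (that policy is not on this page, so this is inferred). If it does, any domain that set these keys through the old label loses write access, because only `con_monitor_app` and `system_app` receive `set_prop` on `tel_mon_prop` in this commit; please confirm there is no other writer. Depending on the property_contexts format in use, the entries may also match as prefixes rather than exact names, so longer keys starting with these strings could get the same label. Separately, the hunk removes and re-adds all 17 existing lines with no visible textual change, which hides the three real additions; splitting the whitespace or line-ending normalisation into its own commit would make the label change easier to audit.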
diff --git a/sepolicy/seapp_contexts b/sepolicy/seapp_contexts
index c02b6eb..2754b30 100644
--- a/sepolicy/seapp_contexts
+++ b/sepolicy/seapp_contexts
@@ -15,3 +15,6 @@
# TimeService app
user=system seinfo=platform name=com.qualcomm.timeservice domain=qtimeservice type=system_app_data_file
+
+#Domain for connectivity monitor
+user=radio seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all
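Review bot: This entry sets `type=app_data_file levelFrom=all` for a package that keeps `user=radio`, so its data directory gets a different label and category set than it had while the app ran under the shared radio policy (the previous label is not shown here). Please confirm the existing data directory is relabelled on upgrade and that nothing else running as the radio UID needs to read those files. The comment would be more useful if it recorded why the dedicated domain exists, e.g. `# ConnectivityMonitor (vendor partition): dedicated domain so radio_service is not granted to all radio-UID apps`.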
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index 191a6db..0918990 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -11,3 +11,6 @@
# Needed by Settings app's CameraLaserSensorPreferenceController
set_prop(system_app, camera_prop)
+
+# Connectivity Monitor properties
+set_prop(system_app, tel_mon_prop)
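Review bot: `set_prop(system_app, tel_mon_prop)` gives write access to every app running in the `system_app` domain, not only the component that toggles the monitor, and the labelled keys are `persist.` properties that survive a reboot. The camera rule above names its consumer in the comment; the new comment should do the same, e.g. `# Needed by <component that toggles ConnectivityMonitor> to set the persist.radio.* monitor flags`. If the writer can be placed in a narrower domain, granting `set_prop` there instead would limit who can switch the monitoring on or off.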