non_plat/rilproxy.te - device/mediatek/wembley-sepolicy - Git at Google

 # ==============================================
 # Policy File of /vendor/bin/rilproxy Executable File


 # ==============================================
 # Type Declaration
 # ==============================================

 # ==============================================
 # MTK Policy Rule
 # ==============================================

 # Access to wake locks
 wakelock_use(rild)

 # rild Bringup Policy
 allow rild mtkrild:unix_stream_socket connectto;
 allow rild self:capability setuid;
 set_prop(rild, radio_prop)
 set_prop(rild, vendor_mtk_ril_mux_report_case_prop)
 allow rild mtk_agpsd:unix_stream_socket connectto;
 allow servicemanager rild:dir search;
 allow servicemanager rild:file { read open };
 allow servicemanager rild:process getattr;

 # Allow the socket read/write of netd for rild
 allow rild netd_socket:sock_file write;
 allow rild netd_socket:sock_file read;

 #Date : W17.13
 #Purpose: Treble SEpolicy denied clean up
 get_prop(rild, hwservicemanager_prop)

 #Date : W17.18
 #Purpose: Treble SEpolicy denied clean up
 add_hwservice(hal_telephony_server, mtk_hal_rild_hwservice)
 allow hal_telephony_client mtk_hal_rild_hwservice:hwservice_manager find;

 #Date : W17.21
 #Purpose: Grant permission to access binder dev node
 vndbinder_use(rild)

 #Date : W17.20
 #Purpose: allow access to audio hal
 binder_call(rild, mtk_hal_audio)
 hal_client_domain(rild, hal_audio)

 #Date : W18.15
 #Purpose: allow rild access to vendor.ril.ipo system property
 set_prop(mtkrild, vendor_mtk_ril_ipo_prop)

 # Date : WK18.26
 # Operation: P migration
 # Purpose: Allow carrier express HIDL to set vendor property
 set_prop(mtkrild, vendor_mtk_cxp_vendor_prop)
 allow mtkrild mnt_vendor_file:dir search;
 allow mtkrild mnt_vendor_file:file create_file_perms;
 allow mtkrild nvdata_file:dir create_dir_perms;
 allow mtkrild nvdata_file:file create_file_perms;

 # Date : WK18.31
 # Operation: P migration
 # Purpose: Allow supplementary service HIDL to set vendor property
 set_prop(mtkrild, vendor_mtk_ss_vendor_prop)

 # Date : W19.16
 # Operation: Q migration
 # Purpose: Allow rild access to send SUPL INIT to mnld
 allow rild mnld:unix_dgram_socket sendto;
 allow mtkrild mnld:unix_dgram_socket sendto;

 # Date : W19.35
 # Operation: Q migration
 # Purpose: Fix rilproxy SeLinux warning of pre-defined socket
 allow rild gsmrild_socket:sock_file write;
	# ==============================================
	# Policy File of /vendor/bin/rilproxy Executable File


	# ==============================================
	# Type Declaration
	# ==============================================

	# ==============================================
	# MTK Policy Rule
	# ==============================================

	# Access to wake locks
	wakelock_use(rild)

	# rild Bringup Policy
	allow rild mtkrild:unix_stream_socket connectto;
	allow rild self:capability setuid;
	set_prop(rild, radio_prop)
	set_prop(rild, vendor_mtk_ril_mux_report_case_prop)
	allow rild mtk_agpsd:unix_stream_socket connectto;
	allow servicemanager rild:dir search;
	allow servicemanager rild:file { read open };
	allow servicemanager rild:process getattr;

	# Allow the socket read/write of netd for rild
	allow rild netd_socket:sock_file write;
	allow rild netd_socket:sock_file read;

	#Date : W17.13
	#Purpose: Treble SEpolicy denied clean up
	get_prop(rild, hwservicemanager_prop)

	#Date : W17.18
	#Purpose: Treble SEpolicy denied clean up
	add_hwservice(hal_telephony_server, mtk_hal_rild_hwservice)
	allow hal_telephony_client mtk_hal_rild_hwservice:hwservice_manager find;

	#Date : W17.21
	#Purpose: Grant permission to access binder dev node
	vndbinder_use(rild)

	#Date : W17.20
	#Purpose: allow access to audio hal
	binder_call(rild, mtk_hal_audio)
	hal_client_domain(rild, hal_audio)

	#Date : W18.15
	#Purpose: allow rild access to vendor.ril.ipo system property
	set_prop(mtkrild, vendor_mtk_ril_ipo_prop)

	# Date : WK18.26
	# Operation: P migration
	# Purpose: Allow carrier express HIDL to set vendor property
	set_prop(mtkrild, vendor_mtk_cxp_vendor_prop)
	allow mtkrild mnt_vendor_file:dir search;
	allow mtkrild mnt_vendor_file:file create_file_perms;
	allow mtkrild nvdata_file:dir create_dir_perms;
	allow mtkrild nvdata_file:file create_file_perms;

	# Date : WK18.31
	# Operation: P migration
	# Purpose: Allow supplementary service HIDL to set vendor property
	set_prop(mtkrild, vendor_mtk_ss_vendor_prop)

	# Date : W19.16
	# Operation: Q migration
	# Purpose: Allow rild access to send SUPL INIT to mnld
	allow rild mnld:unix_dgram_socket sendto;
	allow mtkrild mnld:unix_dgram_socket sendto;

	# Date : W19.35
	# Operation: Q migration
	# Purpose: Fix rilproxy SeLinux warning of pre-defined socket
	allow rild gsmrild_socket:sock_file write;