Add ATfwd related SE policies
Defined the policies for ATFwd daemon and java service
in order to have complete functionality
Bug: 17543709
Change-Id: I9d820eccebd68c313feb454a19d830f85cb029ab
diff --git a/BoardConfig.mk b/BoardConfig.mk
index 26d5588..c6dfc9c 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -109,6 +109,7 @@
BOARD_SEPOLICY_UNION += \
adspd.te \
+ atfwd.te \
bluetooth.te \
bluetooth_loader.te \
bootanim.te \
@@ -129,6 +130,7 @@
radio.te \
rild.te \
sensors.te \
+ service.te \
ss_ramdump.te \
surfaceflinger.te \
system_app.te \
diff --git a/init.shamu.rc b/init.shamu.rc
index 3c36db5..5e2ba42 100644
--- a/init.shamu.rc
+++ b/init.shamu.rc
@@ -620,3 +620,8 @@
on property:init.svc.ril-daemon=running
setprop ro.mdm_helper_proxy_req true
+
+service atfwd /system/bin/ATFWD-daemon
+ class late_start
+ user system
+ group system radio
diff --git a/sepolicy/atfwd.te b/sepolicy/atfwd.te
new file mode 100644
index 0000000..a713530
--- /dev/null
+++ b/sepolicy/atfwd.te
@@ -0,0 +1,15 @@
+type atfwd, domain;
+type atfwd_exec, exec_type, file_type;
+
+# Started by init
+init_daemon_domain(atfwd)
+
+# Creates/Talks to qmuxd via the qmux_radio socket.
+allow atfwd qmuxd_socket:dir rw_dir_perms;
+allow atfwd qmuxd_socket:sock_file create_file_perms;
+allow atfwd qmux:unix_stream_socket connectto;
+
+#Allow IPC binding with ServiceManager & System apps
+binder_use(atfwd);
+binder_call(atfwd, system_app);
+binder_call(atfwd, servicemanager);
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index f985355..70f9c3a 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -131,6 +131,7 @@
/system/bin/thermal-engine u:object_r:thermald_exec:s0
/system/bin/time_daemon u:object_r:time_exec:s0
/system/bin/tcmd_mini u:object_r:tcmd_exec:s0
+/system/bin/ATFWD-daemon u:object_r:atfwd_exec:s0
# Bluetooth
/sys/class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
diff --git a/sepolicy/service.te b/sepolicy/service.te
new file mode 100644
index 0000000..612d43d
--- /dev/null
+++ b/sepolicy/service.te
@@ -0,0 +1 @@
+type atfwd_service, service_manager_type;
diff --git a/sepolicy/service_contexts b/sepolicy/service_contexts
index a37b75a..2c7dfc7 100644
--- a/sepolicy/service_contexts
+++ b/sepolicy/service_contexts
@@ -1 +1,2 @@
rcs u:object_r:radio_service:s0
+AtCmdFwd u:object_r:atfwd_service:s0
diff --git a/sepolicy/system_app.te b/sepolicy/system_app.te
index 53b4de4..64304d0 100644
--- a/sepolicy/system_app.te
+++ b/sepolicy/system_app.te
@@ -2,3 +2,5 @@
allow system_app shell_data_file:dir search;
allow system_app time:unix_stream_socket connectto;
+
+allow system_app atfwd_service:service_manager add;
