-
Max Bires authored
After checking the auditallow logs for the rule being monitored, it's clear that the rule is not in use and can be removed. All unused rules should be removed, as they present needless additional attack vectors. Test: The device boots. Change-Id: Ie9e060c4d134212e01309a536ac052851e408320
58fb5ceb
radio.te 1.16 KiB
# phone subsystem
type radio, domain, domain_deprecated, mlstrustedsubject;
net_domain(radio)
bluetooth_domain(radio)
binder_service(radio)
# Talks to rild via the rild socket.
unix_socket_connect(radio, rild, rild)
# Data file accesses.
allow radio radio_data_file:dir create_dir_perms;
allow radio radio_data_file:notdevfile_class_set create_file_perms;
allow radio alarm_device:chr_file rw_file_perms;
allow radio net_data_file:dir search;
allow radio net_data_file:file r_file_perms;
# Property service
set_prop(radio, radio_prop)
set_prop(radio, net_radio_prop)
# ctl interface
set_prop(radio, ctl_rildaemon_prop)
allow radio audioserver_service:service_manager find;
allow radio cameraserver_service:service_manager find;
allow radio drmserver_service:service_manager find;
allow radio mediaserver_service:service_manager find;
allow radio nfc_service:service_manager find;
allow radio radio_service:service_manager { add find };
allow radio surfaceflinger_service:service_manager find;
allow radio app_api_service:service_manager find;
allow radio system_api_service:service_manager find;
# Perform HwBinder IPC.
hwbinder_use(radio)
binder_call(radio, hal_telephony)