From 8b080ee2608c438c3a7d0d515da11a200554a197 Mon Sep 17 00:00:00 2001
From: Amit Mahajan <amitmahajan@google.com>
Date: Thu, 30 Mar 2017 11:28:30 -0700
Subject: [PATCH] rild does not communicate with BT/system_server/mediaserver
 over sockets

Test: manual (verified no denials in basic telephony operations)
Bug: 36613472
Change-Id: I31274adee2cb6293102446cd2d6d547c50616836
---
 private/bluetooth.te     | 4 ----
 private/file_contexts    | 1 -
 private/system_server.te | 3 ---
 public/file.te           | 1 -
 public/mediaserver.te    | 3 ---
 5 files changed, 12 deletions(-)

diff --git a/private/bluetooth.te b/private/bluetooth.te
index b0048aa98..d05a21f65 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -49,10 +49,6 @@ allow bluetooth surfaceflinger_service:service_manager find;
 allow bluetooth app_api_service:service_manager find;
 allow bluetooth system_api_service:service_manager find;
 
-# TODO(b/36613472): Remove this once bluetooth daemon does not communicate with rild over sockets
-# Bluetooth Sim Access Profile Socket to the RIL
-unix_socket_connect(bluetooth, sap_uim, rild)
-
 # already open bugreport file descriptors may be shared with
 # the bluetooth process, from a file in
 # /data/data/com.android.shell/files/bugreports/bugreport-*.
diff --git a/private/file_contexts b/private/file_contexts
index 1b618758f..00d0e4cc3 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -116,7 +116,6 @@
 /dev/snd/audio_seq_device	u:object_r:audio_seq_device:s0
 /dev/socket(/.*)?	u:object_r:socket_device:s0
 /dev/socket/adbd	u:object_r:adbd_socket:s0
-/dev/socket/sap_uim_socket[0-9]        u:object_r:sap_uim_socket:s0
 /dev/socket/cryptd	u:object_r:vold_socket:s0
 /dev/socket/dnsproxyd	u:object_r:dnsproxyd_socket:s0
 /dev/socket/dumpstate	u:object_r:dumpstate_socket:s0
diff --git a/private/system_server.te b/private/system_server.te
index e9ffa82b8..6f19e38b2 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -452,9 +452,6 @@ allow system_server gps_control:file rw_file_perms;
 allow system_server appdomain:{ tcp_socket udp_socket } { getattr getopt setopt read write shutdown };
 allow system_server appdomain:{ fifo_file unix_stream_socket } { getattr read write };
 
-# Allow abstract socket connection
-allow system_server rild:unix_stream_socket connectto;
-
 # BackupManagerService needs to manipulate backup data files
 allow system_server cache_backup_file:dir rw_dir_perms;
 allow system_server cache_backup_file:file create_file_perms;
diff --git a/public/file.te b/public/file.te
index f776ef6e5..0ee1500ad 100644
--- a/public/file.te
+++ b/public/file.te
@@ -254,7 +254,6 @@ type vold_socket, file_type, coredomain_socket;
 type webview_zygote_socket, file_type, coredomain_socket;
 type wpa_socket, file_type;
 type zygote_socket, file_type, coredomain_socket;
-type sap_uim_socket, file_type;
 # UART (for GPS) control proc file
 type gps_control, file_type;
 
diff --git a/public/mediaserver.te b/public/mediaserver.te
index e9aa421f6..01cc4d8c7 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -67,9 +67,6 @@ allow mediaserver app_fuse_file:file { read getattr };
 allow mediaserver qtaguid_proc:file rw_file_perms;
 allow mediaserver qtaguid_device:chr_file r_file_perms;
 
-# Allow abstract socket connection
-allow mediaserver rild:unix_stream_socket { connectto read write setopt };
-
 # Needed on some devices for playing DRM protected content,
 # but seems expected and appropriate for all devices.
 unix_socket_connect(mediaserver, drmserver, drmserver)
-- 
GitLab