From c2b594dbaded51b3ddb814950c12a95b7c945749 Mon Sep 17 00:00:00 2001
From: Amit Mahajan <amitmahajan@google.com>
Date: Wed, 7 Dec 2016 17:43:46 -0800
Subject: [PATCH] SEPolicy changes for BT SAP hal.

Test: Verified that WIP telephony and BT SAP CLs work fine with this change
https://android-review.googlesource.com/#/q/topic:%22Basic+radio+service+and+client%22+(status:open+OR+status:merged)
https://android-review.googlesource.com/#/q/topic:%22SAP+HAL%22+(status:open+OR+status:merged)
Bug: 32020264
Change-Id: If15820d43e324d80e35808a292ee811f98d499cc
---
 public/attributes | 1 +
 public/bluetooth.te | 4 ++++
 public/hal_telephony.te | 5 +++++
 public/radio.te | 7 ++++---
 public/rild.te | 5 +----
 5 files changed, 15 insertions(+), 7 deletions(-)
 create mode 100644 public/hal_telephony.te
diff --git a/public/attributes b/public/attributes
index aafafa6c8..c14365cf4 100644
--- a/public/attributes
+++ b/public/attributes
@@ -125,6 +125,7 @@ attribute hal_light;
 attribute hal_memtrack;
 attribute hal_nfc;
 attribute hal_power;
+attribute hal_telephony;
 attribute hal_thermal;
 attribute hal_vibrator;
 attribute hal_vr;
diff --git a/public/bluetooth.te b/public/bluetooth.te
index 75a11f43e..9f21676a7 100644
--- a/public/bluetooth.te
+++ b/public/bluetooth.te
@@ -58,6 +58,10 @@ unix_socket_connect(bluetooth, sap_uim, rild)
 # /data/data/com.android.shell/files/bugreports/bugreport-*.
 allow bluetooth shell_data_file:file read;
+# Perform HwBinder IPC.
+hwbinder_use(bluetooth)
+binder_call(bluetooth, hal_telephony)
+
 ###
 ### Neverallow rules
 ###
diff --git a/public/hal_telephony.te b/public/hal_telephony.te
new file mode 100644
index 000000000..6f3a38fa2
--- /dev/null
+++ b/public/hal_telephony.te
@@ -0,0 +1,5 @@
+# Perform HwBinder IPC.
+hwbinder_use(hal_telephony)
+binder_call(hal_telephony, radio)
+binder_call(hal_telephony, bluetooth)
+
diff --git a/public/radio.te b/public/radio.te
index d46fc8969..f510a96f9 100644
--- a/public/radio.te
+++ b/public/radio.te
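Review bot: `binder_call(bluetooth, hal_telephony)` in public/bluetooth.te lets the bluetooth domain call every domain that carries the hal_telephony attribute, which after this patch is rild, so at the policy level bluetooth can reach whatever HwBinder interfaces that process serves and not only SAP. The binder `call` permission is granted per process, not per interface, so any SAP-only restriction has to be enforced inside the HAL service; the generic comment should say what the grant is for, e.g. `# SAP HAL lives in the telephony HAL process; bluetooth uses it for SIM Access Profile only (b/32020264).` The `unix_socket_connect(bluetooth, sap_uim, rild)` rule visible in the hunk header stays in place; if the HAL is meant to replace that socket, its removal should be tracked so two paths from bluetooth into rild are not left open.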
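Review bot: The two `binder_call` lines in the new public/hal_telephony.te are written against the attribute, so any domain later tagged hal_telephony gains call and transfer rights into both radio and bluetooth, and the file does not say why the HAL needs to initiate calls toward its clients. If these are for callback objects handed over by the clients, state that, e.g. `# Callbacks into the telephony client (radio) and the SAP client (bluetooth).` Nothing in the file limits who may call the HAL; consider a neverallow restricting `hal_telephony:binder call` to the expected client domains, after checking which core domains legitimately need it.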
@@ -37,6 +37,7 @@ allow radio surfaceflinger_service:service_manager find;
 allow radio app_api_service:service_manager find;
 allow radio system_api_service:service_manager find;
-# Allow access to hwservicemanager for binderized hal
-binder_call(radio, hwservicemanager)
-binder_call(radio, rild)
+# Perform HwBinder IPC.
+hwbinder_use(radio)
+binder_call(radio, hal_telephony)
+
diff --git a/public/rild.te b/public/rild.te
index 687118232..398167601 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -1,5 +1,5 @@
 # rild - radio interface layer daemon
-type rild, domain, domain_deprecated;
+type rild, domain, domain_deprecated, hal_telephony;
 type rild_exec, exec_type, file_type;
 net_domain(rild)
@@ -51,6 +51,3 @@ r_dir_file(rild, system_file)
 # granting the ioctl permission for rild should be device specific
 allow rild self:socket create_socket_perms_no_ioctl;
-# Allow access to hwservicemanager for binderized hal
-binder_call(rild, hwservicemanager)
-binder_call(rild, radio)
-- 
GitLab
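Review bot: The new block in public/radio.te drops the explicit `binder_call(radio, hwservicemanager)` and relies on `hwbinder_use(radio)` to grant it, but that macro's definition is not part of this patch, so the comment or commit message should name the rule that now covers hwservicemanager access. The same substitution happens implicitly for rild, whose `binder_call(rild, hwservicemanager)` is removed in public/rild.te in favour of inheriting `hwbinder_use(hal_telephony)`. The replacement comment `# Perform HwBinder IPC.` is also less specific than the one it removes; something like `# Talk to the binderized telephony HAL (rild) over HwBinder.` keeps the intent. The hunk also appends an empty line at the end of the file, as does public/hal_telephony.te; drop it.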