non_plat: Label bip binary and grant required permissions

- SELinux rules are obtained fro stock SEpolicy Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: Ie262a1a2a93aabc1cfa6e1cbdadf647058caec31
2021-01-01 13:58:51 +05:30 · 2021-01-01 13:58:51 +05:30 · c07ec24c97
commit c07ec24c97
parent a76a7cc1d2
2 changed files with 26 additions and 0 deletions
--- a/non_plat/bip.te
+++ b/non_plat/bip.te
@ -0,0 +1,25 @@
+type bip, domain, mtkimsmddomain;
+type bip_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(bip)
+
+allow bip self:netlink_route_socket read;
+allow bip self:tcp_socket { create_socket_perms listen accept };
+allow bip self:udp_socket create_socket_perms;
+allow bip self:rawip_socket { read write create getattr bind setopt };
+
+allow bip socket_device:dir { write add_name remove_name };
+allow bip socket_device:sock_file { write create unlink };
+
+allow bip { node port netd }:udp_socket node_bind;
+allow bip { fwmarkd_socket property_socket }:sock_file write;
+allow bip init:unix_stream_socket connectto;
+
+allow bip port:tcp_socket { name_connect };
+allow bip rootfs:lnk_file getattr;
+allow bip ccci_device:chr_file rw_file_perms;
+allow bip node:rawip_socket node_bind;
+
+set_prop(bip, ril_mux_report_case_prop)
+set_prop(bip, ctl_muxreport-daemon_prop)
+get_prop(bip, net_dns_prop)
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -712,5 +712,6 @@
 /(system\/vendor|vendor)/bin/ipsec_mon u:object_r:ipsec_mon_exec:s0

 # IMS
+/(system\/vendor|vendor)/bin/bip         u:object_r:bip_exec:s0
 /(system\/vendor|vendor)/bin/volte_imsm_93              u:object_r:volte_imsm_93_exec:s0
 /(system\/vendor|vendor)/bin/volte_md_status            u:object_r:volte_md_status_exec:s0