From c07ec24c9771444b7d0fc50f9ba103cc3c8d7779 Mon Sep 17 00:00:00 2001
From: Aayush Gupta
Date: Fri, 1 Jan 2021 13:58:51 +0530
Subject: [PATCH] non_plat: Label bip binary and grant required permissions

- SELinux rules are obtained fro stock SEpolicy
Signed-off-by: Aayush Gupta
Change-Id: Ie262a1a2a93aabc1cfa6e1cbdadf647058caec31
---
 non_plat/bip.te | 25 +++++++++++++++++++++++++
 non_plat/file_contexts | 1 +
 2 files changed, 26 insertions(+)
 create mode 100644 non_plat/bip.te

diff --git a/non_plat/bip.te b/non_plat/bip.te
new file mode 100644
index 0000000..7e1e512
--- /dev/null
+++ b/non_plat/bip.te
@@ -0,0 +1,25 @@
+type bip, domain, mtkimsmddomain;
+type bip_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(bip)
+
+allow bip self:netlink_route_socket read;
+allow bip self:tcp_socket { create_socket_perms listen accept };
+allow bip self:udp_socket create_socket_perms;
+allow bip self:rawip_socket { read write create getattr bind setopt };
+
+allow bip socket_device:dir { write add_name remove_name };
+allow bip socket_device:sock_file { write create unlink };
+
+allow bip { node port netd }:udp_socket node_bind;
+allow bip { fwmarkd_socket property_socket }:sock_file write;
+allow bip init:unix_stream_socket connectto;
+
+allow bip port:tcp_socket { name_connect };
+allow bip rootfs:lnk_file getattr;
+allow bip ccci_device:chr_file rw_file_perms;
+allow bip node:rawip_socket node_bind;
+
+set_prop(bip, ril_mux_report_case_prop)
+set_prop(bip, ctl_muxreport-daemon_prop)
+get_prop(bip, net_dns_prop)
diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index 96805db..3af71b9 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@@ -712,5 +712,6 @@
 /(system\/vendor|vendor)/bin/ipsec_mon u:object_r:ipsec_mon_exec:s0
 # IMS
+/(system\/vendor|vendor)/bin/bip u:object_r:bip_exec:s0
 /(system\/vendor|vendor)/bin/volte_imsm_93 u:object_r:volte_imsm_93_exec:s0
 /(system\/vendor|vendor)/bin/volte_md_status u:object_r:volte_md_status_exec:s0
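Review bot: In non_plat/bip.te the two `socket_device` rules let bip add and remove names in the shared socket directory and `create`/`unlink` any `sock_file` that carries the generic `socket_device` label, so the daemon is not confined to its own socket. A dedicated type keeps that scoped: declare one (the name is only a suggestion) with `type bip_socket, file_type;` and replace both rules with `file_type_auto_trans(bip, socket_device, bip_socket)`, keeping `remove_name` on the directory only if bip unlinks the socket itself. Separately, `property_socket:sock_file write` and `init:unix_stream_socket connectto` are already granted by the `set_prop()` calls at the end of the file. The `netd` target in the `udp_socket node_bind` rule looks like a leftover from the stock policy, since that permission is checked against node types; both can probably be dropped once the daemon has been run and the denials checked.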