non_plat: Label volte_stack binary and grant required permissions

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: I1ff3478844f876405a378f19ecd095daf7629708
2021-01-02 12:51:23 +05:30 · 2021-01-02 12:51:23 +05:30 · c4bd4e850c
commit c4bd4e850c
parent 23c3e00542
5 changed files with 27 additions and 0 deletions
--- a/non_plat/file.te
+++ b/non_plat/file.te
@ -449,3 +449,4 @@ type vendor_teei_data_file, file_type, data_file_type;

 # IMS
 type volte_ua_socket, file_type;
+type volte_imcb_socket, file_type;
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -713,7 +713,9 @@

 # IMS
 /dev/socket/volte_ua(/.*)?             u:object_r:volte_ua_socket:s0
+/dev/socket/volte_imcb(/.*)?           u:object_r:volte_imcb_socket:s0
 /(system\/vendor|vendor)/bin/bip         u:object_r:bip_exec:s0
 /(system\/vendor|vendor)/bin/volte_imsm_93              u:object_r:volte_imsm_93_exec:s0
 /(system\/vendor|vendor)/bin/volte_md_status            u:object_r:volte_md_status_exec:s0
 /(system\/vendor|vendor)/bin/volte_ua           u:object_r:volte_ua_exec:s0
+/(system\/vendor|vendor)/bin/volte_imcb         u:object_r:volte_imcb_exec:s0
--- a/non_plat/property.te
+++ b/non_plat/property.te
@ -339,3 +339,4 @@ type mtk_network_prop, property_type, mtk_core_property_type;
 # IMS
 type mtk_md_status_prop, property_type;
 type ctl_volte_ua_prop, property_type;
+type ctl_volte_imcb_prop, property_type;
--- a/non_plat/property_contexts
+++ b/non_plat/property_contexts
@ -379,3 +379,4 @@ ro.mtk_cam_stereo_camera_support u:object_r:mtk_camera_prop:s0
 vendor.volte_md_status         u:object_r:mtk_md_status_prop:s0
 vendor.ril.volte.              u:object_r:mtk_volte_prop:s0
 ctl.vendor.volte_ua            u:object_r:ctl_volte_ua_prop:s0
+ctl.vendor.volte_imcb          u:object_r:ctl_volte_imcb_prop:s0
--- a/non_plat/volte_imcb.te
+++ b/non_plat/volte_imcb.te
@ -0,0 +1,22 @@
+type volte_imcb, domain, netdomain, mtkimsmddomain;
+type volte_imcb_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(volte_imcb)
+
+allow volte_imcb { port node }:tcp_socket node_bind;
+allow volte_imcb self:tcp_socket { create bind listen accept setopt read getattr write };
+allow volte_imcb socket_device:sock_file write;
+
+allow volte_imcb {
+    volte_ua
+    init
+}:unix_stream_socket connectto;
+
+allow volte_imcb {
+    volte_ua_socket
+    volte_imcb_socket
+    property_socket
+    netd_socket
+}:sock_file write;
+
+set_prop(volte_imcb, mtk_volte_prop)